Junos OS Release 19.2R2 User Manual

Download

Release Notes: Junos®OS Release 19.2R2 for

the ACX Series, EX Series, MX Series, NFX

Series, PTX Series, QFX Series, SRX Series, and

Junos Fusion

22 April 2021

Introduction | 10

New Features in 19.2R2 | 10

Junos OS Release Notes for ACX Series | 10

What's New | 11

What's New in Release 19.2R2 | 11

What's New in Release 19.2R1-S1 | 12

What's New in Release 19.2R1 | 12

What's Changed | 16

What’s Changed in 19.2R2 | 17

What’s Changed in 19.2R1 | 17

Known Limitations | 19

General Routing | 19

Open Issues | 21

General Routing | 22

MPLS | 24

Resolved Issues | 24

Resolved Issues: 19.2R2 | 25

Resolved Issues: 19.2R1-S1 | 28

Resolved Issues: 19.2R1 | 28

Documentation Updates | 29

Installation and Upgrade Guide | 30

Migration, Upgrade, and Downgrade Instructions | 30

Upgrade and Downgrade Support Policy for Junos OS Releases | 30

Junos OS Release Notes for EX Series Switches | 32

What’s New | 32

What’s New in Release 19.2R2 | 33

Whats’s New in Release 19.2R1-S1 | 33

What’s New in Release 19.2R1 | 33

What’s Changed | 38

What’s Changed in Release 19.2R2 | 38

What’s Changed in Release 19.2R1-S5 | 39

What’s Changed in Release 19.2R1 | 40

Known Limitations | 41

EVPN | 42

General Routing | 42

Platform and Infrastructure | 42

Open Issues | 43

Authentication and Access Control | 43

General Routing | 43

Infrastructure | 44

Interfaces and Chassis | 45

Platform and Infrastructure | 45

Spanning Tree Protocols | 45

Resolved Issues | 46

Resolved Issues: 19.2R2 | 46

Resolved Issues: 19.2R1 | 54

Documentation Updates | 58

Installation and Upgrade | 58

Migration, Upgrade, and Downgrade Instructions | 59

Upgrade and Downgrade Support Policy for Junos OS Releases | 59

Junos OS Release Notes for Junos Fusion Enterprise | 60

New and Changed Features | 60

Changes in Behavior and Syntax | 61

Known Behavior | 61

Known Issues | 62

Junos fusion for enterprise | 62

Resolved Issues | 63

Resolved Issues: 19.2R2 | 63

Resolved Issues: 19.2R1 | 64

Documentation Updates | 64

Migration, Upgrade, and Downgrade Instructions | 65

Basic Procedure for Upgrading Junos OS on an Aggregation Device | 65

Upgrading an Aggregation Device with Redundant Routing Engines | 67

Preparing the Switch for Satellite Device Conversion | 68

Converting a Satellite Device to a Standalone Switch | 69

Upgrade and Downgrade Support Policy for Junos OS Releases | 69

Downgrading from Junos OS | 70

Junos OS Release Notes for Junos Fusion Provider Edge | 71

What's New | 71

What’s New in Release 19.2R2 | 72

What’s New in Release 19.2R1 | 72

What’s Changed | 72

Known Limitations | 73

Open Issues | 73

Junos Fusion Provider Edge | 74

Resolved Issues | 74

Resolved Issues: 19.2R2 | 75

Resolved Issues: 19.2R1 | 75

Documentation Updates | 75

Migration, Upgrade, and Downgrade Instructions | 76

Basic Procedure for Upgrading an Aggregation Device | 76

Upgrading an Aggregation Device with Redundant Routing Engines | 79

Preparing the Switch for Satellite Device Conversion | 79

Converting a Satellite Device to a Standalone Device | 81

Upgrading an Aggregation Device | 83

Upgrade and Downgrade Support Policy for Junos OS Releases | 84

Downgrading from Junos OS Release 19.2 | 84

Junos OS Release Notes for MX Series 5G Universal Routing Platform | 85

What’s New | 85

What’s New in 19.2R2 | 86

What’s New in 19.2R1-S4 | 86

What’s New in 19.2R1-S1 | 87

What’s New in 19.2R1 | 88

What's Changed | 106

What’s Changed in Release 19.2R2 | 106

What’s Changed in Release 19.2R1 | 110

Known Limitations | 113

General Routing | 114

Interfaces and Chassis | 116

Platform and Infrastructure | 117

Routing Protocols | 117

Open Issues | 117

Class of Service (CoS) | 118

EVPN | 118

Forwarding and Sampling | 119

General Routing | 119

Infrastructure | 124

Interfaces and Chassis | 124

Junos Fusion Provider Edge | 125

Layer 2 Features | 125

MPLS | 125

Network Management and Monitoring | 126

Platform and Infrastructure | 126

Routing Protocols | 127

User Interface and Configuration | 128

VPNs | 128

Resolved Issues | 129

Resolved Issues: 19.2R2 | 129

Resolved Issues: 19.2R1 | 158

Documentation Updates | 174

Installation and Upgrade Guide | 175

Subscriber Management Provisioning Guide | 175

Migration, Upgrade, and Downgrade Instructions | 176

Basic Procedure for Upgrading to Release 19.2 | 177

Procedure to Upgrade to FreeBSD 11.x based Junos OS | 177

Procedure to Upgrade to FreeBSD 6.x based Junos OS | 179

Upgrade and Downgrade Support Policy for Junos OS Releases | 181

Upgrading a Router with Redundant Routing Engines | 182

Downgrading from Release 19.2 | 182

Junos OS Release Notes for NFX Series | 183

What’s New | 183

What’s New in Release 19.2R2 | 184

What’s New in Release 19.2R1 | 184

Architecture | 184

Application Security | 184

Virtual Network Functions | 184

What’s Changed | 185

What’s Changed in Release 19.2R2 | 186

What’s Changed in Release 19.2R1 | 186

Known Limitations | 186

Interfaces | 187

Platform and Infrastructure | 187

Virtual Network Functions (VNFs) | 188

Open Issues | 188

Interfaces | 189

Platform and Infrastructure | 189

Routing Protocols | 190

Virtual Network Functions (VNFs) | 190

Resolved Issues | 191

Resolved Issues: 19.2R2 | 191

Resolved Issues: 19.2R1 | 193

Documentation Updates | 194

Migration, Upgrade, and Downgrade Instructions | 194

Upgrade and Downgrade Support Policy for Junos OS Releases | 195

Basic Procedure for Upgrading to Release 19.2 | 195

Junos OS Release Notes for PTX Series Packet Transport Routers | 196

What's New | 197

New and Changed Features: 19.2R2 | 198

New and Changed Features: 19.2R1-S4 | 198

New and Changed Features: 19.2R1-S1 | 199

New and Changed Features: 19.2R1 | 200

What’s Changed | 205

What’s Changed in Release 19.2R2 | 205

What’s Changed in Release 19.2R1 | 207

Known Limitations | 209

General Routing | 210

Interfaces and Chassis | 210

Open Issues | 211

General Routing | 211

Interfaces and Chassis | 212

Layer 2 Ethernet Services | 212

Routing Protocols | 212

Resolved Issues | 212

Resolved Issues: 19.2R2 | 213

Resolved Issues: 19.2R1 | 216

Documentation Updates | 219

Installation and Upgrade Guide | 219

Migration, Upgrade, and Downgrade Instructions | 220

Basic Procedure for Upgrading to Release 19.2 | 220

Upgrade and Downgrade Support Policy for Junos OS Releases | 223

Upgrading a Router with Redundant Routing Engines | 223

Junos OS Release Notes for the QFX Series | 224

What's New | 224

What’s New in Release 19.2R2 | 225

What's New in Release 19.2R1-S1 | 225

What's New in Release 19.2R1 | 226

What's Changed | 234

What’s Changed in Release 19.2R2 | 234

What’s Changed in Release 19.2R1 | 237

Known Limitations | 239

EVPN | 239

Layer 2 Features | 239

Platform and Infrastructure | 239

Routing Protocols | 240

Open Issues | 241

EVPN | 241

Infrastructure | 242

Interfaces and Chassis | 242

Layer 2 Features | 242

MPLS | 242

Platform and Infrastructure | 242

Routing Protocols | 245

Virtual Chassis | 245

Resolved Issues | 246

Resolved Issues: 19.2R2 | 246

Resolved Issues: 19.2R1 | 260

Documentation Updates | 266

Installation and Upgrade guide | 266

Migration, Upgrade, and Downgrade Instructions | 267

Upgrading Software on QFX Series Switches | 267

Installing the Software on QFX10002-60C Switches | 270

Installing the Software on QFX10002 Switches | 270

Upgrading Software from Junos OS Release 15.1X53-D3X to Junos OS Release

15.1X53-D60, 15.1X53-D61.7, 15.1X53-D62, and 15.1X53-D63 on QFX10008 and QFX10016 Switches | 271

Installing the Software on QFX10008 and QFX10016 Switches | 273

Performing a Unified ISSU | 277

Preparing the Switch for Software Installation | 278

Upgrading the Software Using Unified ISSU | 278

Upgrade and Downgrade Support Policy for Junos OS Releases | 280

Junos OS Release Notes for SRX Series | 281

What’s New | 282

New and Changed Features: 19.2R2 | 282

New and Changed Features: 19.2R1-S1 | 283

New and Changed Features: 19.2R1 | 283

What's Changed | 292

Release 19.2R2 Changes in Behavior and Syntax | 292

Release 19.2R1 Changes in Behavior and Syntax | 293

Known Limitations | 294

DHCP | 295

Flow-Based and Packet-Based Processing | 295

J-Web | 295

VPNs | 295

Open Issues | 296

Chassis Clustering | 297

Flow-Based and Packet-Based Processing | 297

Intrusion Detection and Prevention (IDP) | 297

J-Web | 297

Platform and Infrastructure | 298

Routing Policy and Firewall Filters | 298

VPNs | 298

Resolved Issues | 299

Resolved Issues: 19.2R2 | 299

Resolved Issues: 19.2R1 | 309

Documentation Updates | 316

Migration, Upgrade, and Downgrade Instructions | 316

Upgrade and Downgrade Support Policy for Junos OS Releases and Extended End-Of-Life

Releases | 316

Upgrading Using ISSU | 318

Licensing | 318

Compliance Advisor | 318

Finding More Information | 319

Documentation Feedback | 319

Requesting Technical Support | 320

Self-Help Online Tools and Resources | 320

Opening a Case with JTAC | 321

Revision History | 321

Introduction

Junos OS runs on the following Juniper Networks®hardware: ACX Series, EX Series, M Series, MX Series,

NFX Series, PTX Series, QFabric systems, QFX Series, SRX Series, T Series, and Junos Fusion.

These release notes accompany Junos OS Release 19.2R1 for the ACX Series, EX Series, MX Series, NFX Series, PTX Series, QFX Series, SRX Series, and Junos Fusion. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

New Features in 19.2R2

Release Note SectionsFeatures

“What’s New” on page 85Support for 64-bit architecture added for use of management

interface in a non-default routing instance in op scripts and JET

applications (MX Series)

Implement new MIBs using telemetry-based model (MX Series and

PTX Series)

Option to pause BGP multipath computation during BGP peering

churn (MX Series, PTX Series, and QFX Series)

“What’s New” on page 85 and “What's New” on

page 197

“What’s New” on page 85, “What's New” on

page 197, and “What's New” on page 224

“What’s New” on page 85CoA messages support Session-Timeout attribute (MX Series)

“What’s New” on page 282HTTP X-Forwarded-For header support in IDP (SRX Series)

Junos OS Release Notes for ACX Series

IN THIS SECTION

What's New | 11

What's Changed | 16

Known Limitations | 19

Open Issues | 21

Resolved Issues | 24

Documentation Updates | 29

Migration, Upgrade, and Downgrade Instructions | 30

These release notes accompany Junos OS Release 19.2R2 for the ACX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

IN THIS SECTION

What's New in Release 19.2R2 | 11

What's New in Release 19.2R1-S1 | 12

What's New in Release 19.2R1 | 12

Learn about new features introduced in the Junos OS main and maintenance releases for ACX Series routers.

What's New in Release 19.2R2

There are no new features on ACX Series in Release 19.2R2.

What's New in Release 19.2R1-S1

Routing Protocols

Decouple RSVP for IGP-TE (MX Series, PTX Series, ACX Series, QFX Series, SRX Series, and EX

•

Series)—Starting in Junos OS Release 19.2R1-S1, device can advertise selective traffic-engineering attributes such as admin-color and maximum-bandwidth, without enabling RSVP, for segment routing and interior gateway protocol (IGP) deployments.

What's New in Release 19.2R1

Class of Service (CoS)

Support for class of service (CoS)(ACX6360 routers)—Starting in Junos OS Release 19.2R1, ACX6360

•

routers support class of service (CoS) functionality.

CoS is the assignment of traffic flows to different service levels. Service providers can use router-based CoS features to define service levels that provide different delay, jitter (delay variation), and packet loss characteristics to particular applications served by specific traffic flows.

[See CoS on ACX Series Universal Metro Routers Features Overview.]

EVPN

EVPN support of VLAN ID ranges and lists in service provider style interface configurations (EX9200

•

switches, ACX5448 and MX Series routers, and vMX virtual routers)—Starting in Junos OS Release

19.2R1, EX9200 switches, ACX5448 and MX Series routers, and vMX virtual routers support the use of VLAN ID ranges and lists in a service provider style interface configuration, which must be referenced in an EVPN routing instance. This configuration is supported with the following EVPN environments, services, and features:

Environments:

•

EVPN with VXLAN encapsulation

•

EVPN with MPLS encapsulation

•

VLAN bundle service:

•

E-LAN

•

E-Tree

•

E-Line

•

Feature:

•

EVPN multihoming:

•

All-active

•

Single-active

•

Singlehoming

•

[See VLAN ID Ranges and Lists in an EVPN Environment.]

Interfaces and Chassis

Support for 100-Mbps and 1-Gbps speeds on Tri-Rate Copper SFP (ACX5448 routers)—Starting in

•

Junos OS Release 19.2R1, ACX5448 routers support 100-Mbps and 1-Gbps speeds on Tri-Rate Copper SFP optics (part number 740-013111).

NOTE: 100-Mbps speed is supported only on ports xe-0/0/24 through xe-0/0/47.

10-Mbps speed is not supported on Tri-Rate Copper SFP due to hardware limitations.

To set the speed for the optics, issue the set interfaces interface-name speed auto command. [See

•

Speed for more details.]

To enable autonegotiation, issue the set interfaces interface-name gigether-options auto-negotiation

•

command. [See auto-negotiation.]

Junos Telemetry Interface

Support for LSP statistics on JTI (ACX6360)—Starting with Junos OS Release 19.2R1, you can provision

•

the LSP statistics sensor using the resource path /junos/services/label-switched-path/usage/ to monitor per-MPLS LSP statistics on the ACX6360 router and export telemetry data through Junos telemetry interface (JTI) to external collectors. You can stream data at configurable intervals through gRPC without involving polling.

JTI support is only for RSVP LSPs.

Statistics that are streamed are similar to the output displayed by the operational mode command show mpls lsp bypass statistics.

To provision a sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.

To enable statistics for export from the Junos OS, include the sensor-based-stats statement at the [edit protocols mpls] hierarchy level.

[See Guidelines for gRPC Sensors (Junos Telemetry Interface) and Understanding OpenConfig and gRPC

on Junos Telemetry Interface.]

•

the existing routing instance, such as a name configured under the [routing-instances] hierarchy level or mgmt_junos if system management-instance is configured (the dedicated management routing instance).

Configuring the routing instance lets you choose the VRF for gRPC services. When the routing instance is not configured, the default behavior is that all gRPC-related services are available through the management fxp0/em0) interface.

Layer 3 Features

Support for Layer 3 unicast features (ACX 6360)—Starting in Junos OS Release 19.2R1, ACX routers

•

support the following Layer 3 forwarding features for unicast IPv4 and IPv6 traffic:

Basic IPv6 forwarding

•

Virtual router (VRF-lite) for both IPv4 and IPv6

•

Layer 3 subinterfaces support for both IPv4 and IPv6

•

VRF-lite, subinterfaces, and IPv6 forwarding support on link aggregation groups (LAGs)

•

Statistics support for Layer 3 subinterfaces

•

32-way equal-cost multipath (ECMP)

•

Centralized Bidirectional Forwarding Detection (BFD)

•

IPv4 Layer 3 protocols:

•

OSPF

•

IS-IS

•

BGP

•

IPv6 Layer 3 protocols:

•

OSPFv3

•

RIPng

•

Network Management and Monitoring

Support for displaying valid user input in the CLI for command options and configuration statements

•

in custom YANG data models (ACX Series)—Starting in Junos OS Release 19.2R1, the CLI displays the set of possible values for a given command option or configuration statement in a custom YANG data model when you include the action-expand extension statement in the option or statement definition and reference a script that handles the logic. The action-expand statement must include the script child statement, which defines the Python action script that is invoked when a user requests context-sensitive help in the CLI for the value of that option or statement.

[See Displaying Valid Command Option and Configuration Statement Values in the CLI for Custom YANG

Modules.]

Software Installation and Upgrade

Zero Touch Provisioning (ACX5448)—Starting in Junos OS Release 19.2R1, Zero Touch Provisioning

•

(ZTP) automates the provisioning of the device configuration and software image with minimal manual intervention on management interface em0.

When you physically connect a router to the network and boot it with a factory configuration, the router upgrades the Junos OS software image automatically and automatically installs a configuration file from the network through the management interface.

[See Zero Touch Provisioning.]

System Management

Support for transferring accounting statistics files and router configuration archives using HTTP URL

•

(ACX Series)—Starting in Junos OS Release 19.2R1, you can transfer accounting statistics files and router configuration archives to remote servers by using an HTTP URL. In addition to SCP and FTP, the following HTTP URL will be supported under the archive-sites statement:

http://username@host:url-path password password

To transfer accounting statistics files, configure archive-sites under [edit accounting-options file

•

<filename>] hierarchy.

To transfer router configuration archival, configure archive-sites under edit system archival

•

configuration hierarchy.

To view the statistics of transfer attempted, succeeded, and failed, use the show accounting server

•

statistics archival-transfer command.

To clear the statistics of transfer attempted, succeeded, and failed, use the clear accounting server

•

statistics archival-transfer command.

[See archive-sites, Backing Up Configurations to an Archive Site, show accounting server statistics

archival-transfer, and clear accounting server statistics archival-transfer].

Precision Time Protocol (PTP) Transparent Clock with IPv6 Transport (PTX10001-20C and ACX6360-OR

•

devices)—Starting with Junos OS Release 19.2R1, PTP uses IPv6 transport to synchronize clocks throughout a packet-switched network. With a transparent clock, the PTP packets are updated with theresidence time as the packets pass through the switch. There is no master/slaved designation. End-to-end transparent clocks are supported. With an end-to-end transparent clock, only the residence time is included. The residence time can be sent in a one-step process, which means that the timestamps are sent in one packet.

You can configure the transparent clock at the [edit protocols ptp] Junos OS CLI hierarchy.

[See Understanding Transparent Clocks in Precision Time Protocol.]

SEE ALSO

What's Changed | 16

Known Limitations | 19

Open Issues | 21

Resolved Issues | 24

Documentation Updates | 29

Migration, Upgrade, and Downgrade Instructions | 30

What's Changed

IN THIS SECTION

What’s Changed in 19.2R2 | 17

What’s Changed in 19.2R1 | 17

Learn about what changed in the Junos OS main and maintenance releases for ACX Series routers.

What’s Changed in 19.2R2

General Routing

Support for gigether-options statement (ACX5048, ACX5096)—Junos OS supports the gigether-options

•

statement at the [edit interfaces interface-name] hierarchy on the ACX5048 and ACX5096 routers. Previously, support for the gigether-statement was deprecated.

[See gigether-options and ether-options.]

Interfaces and Chassis

Support for creating Layer 2 logical interfaces independently (ACX Series, EX Series, MX Series, PTX

•

Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2, 19.1R1, and later, ACX Series routers support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.

In earlier Junos OS releases, when you use a Layer 2 logical interface configuration (units with encapsulation vlan-bridge configuration), then you must add the logical interface as part of a bridge domain or EVPN routing instance for the commit to succeed.

Operation, Administration, and Maintenance (OAM)

Performance monitoring history data is lost when a change in number of supported history records is

•

detected (ACX Series and MX Series)—In Junos OS Release 19.2R2, when Ethernet connectivity fault management starts, it detects the number of history records supported by the existing Performance Monitoring history database and if there is any change from the number of history records supported (that is, 12) in Release 19.2R2, then the existing performance monitoring history database is cleared and all performance monitoring sessions are restarted with mi-index 1.

Routing Protocols

XML RPC equivalent included for the show bgp output-scheduler | display xml rpc CLI command (ACX

•

Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release

19.2R2, we have included an XML RPC equivalent for the show bgp output-scheduler | display xml rpc CLI command. In Junos OS releases before Release 19.2R2, the show bgp output-scheduler | display xml rpc CLI command does not have an XML RPC equivalent.

[See show bgp output-scheduler.]

What’s Changed in 19.2R1

Interfaces and Chassis

Monitoring information available only in trace log (ACX Series)—In Junos OS Release 19.2R1 and later,

•

the Ethernet link fault management daemon (lfmd) in the peer router stops monitoring the locally occurred errors until ISSU completes. You can view the monitoring-related details only through the trace log file.

Junos OS XML, API, and Scripting

Mandatory configurations and omission of <database-status-information> tag in platforms supporting

•

Open ROADM standard (ACX6160-T)—Starting in Junos OS Release 19.2R1, it is mandatory to apply rfc-compliant option at the [edit system services netconf] hierarchy level and unhide option at the [edit system services netconf unified] hierarchy level. Also, <database-status-information> tag is omitted for <get> RPC query.

[See <get> and netconf.]

Network Management and Monitoring

The show system schema command and <get-yang-schema> RPC require specifying an output directory

•

(ACX Series)—Starting in Junos OS Release 19.2R1, when you issue the show system schema operational mode command in the CLI or execute the <get-yang-schema> RPC in a remote session to retrieve schema files, you must specify the directory in which to generate the output files by including the output-directory command option in the CLI or the <output-directory> element in the RPC. In earlier releases, you can omit the output-directory argument when requesting a single module to display the module in standard output.

Custom YANG RPC support for input parameters of type empty (ACX Series)—Starting in Junos OS

•

Release 19.2R1, custom YANG RPCs support input parameters of type empty when executing the RPC’s command in the Junos OS CLI, and the value passed to the action script is the parameter name. In earlier releases, input parameters of type empty are only supported when executing the RPC in a NETCONF or Junos XML protocol session, and the value passed to the action script is the string 'none'.

[See Creating Action Scripts for YANG RPCs on Devices Running Junos OS.]

VLAN Infrastructure

Specifying a descending VLAN ID range ( ACX5448 routers)—In Junos OS releases prior to Junos OS

•

Release 19.2R1, the system accepts a descending range—for example, 102-100, with the vlan-id-range configuration statement in the [edit interfaces interface-name unit logical-unit-number] hierarchy.

Starting with Junos OS Release 19.2R1, the system considers a descending range specified with vlan-id-range to be invalid and raises an error if you try to commit this configuration.

SEE ALSO

What's New | 11

Known Limitations | 19

Open Issues | 21

Resolved Issues | 24

Documentation Updates | 29

Migration, Upgrade, and Downgrade Instructions | 30

Known Limitations

IN THIS SECTION

General Routing | 19

Learn about known limitations in this release for ACX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

All PTP packets go to the best-effort queue instead of the network control queue. This is because of

•

the limitation on ACX5448 where DSCP values are not preserved. PR1361315

ACX6360 Junos telemetry interface or telemetry infrastructure does not support the interface-filtering

•

capability. Therefore, after you enable a particular sensor for telemetry, it is turned on for all the interfaces.

PR1371996

For an Ethernet (et) interface, only the PRE_FEC_SD defect is raised and no OTN alarm is raised.

•

PR1371997

On ACX6360, the CLI static-cak command encryption does not work between two ACX-OX transpoder

•

nodes. PR1389802

The ACX6360 TIC has only 8 CFP2-DCO ports, so chassis beacon show/requests to port numbers larger

•

than 7 do not work (as the ports don't exist) but also do not report an error. user@router> request chassis beacon fpc 0 pic-slot 1 port 15 on FPC 0 PIC 1 PORT 15 ON regress@node> show chassis beacon fpc 0 pic-slot 1 port-range lower-limit 0 upper-limit 15 FPC 0 PIC 1 PORT 0 ON FPC 0 PIC 1 PORT 1 ON FPC 0 PIC 1 PORT 2 ON FPC 0 PIC 1 PORT 3 ON FPC 0 PIC 1 PORT 4 ON FPC 0 PIC 1 PORT 5 ON FPC 0 PIC 1 PORT 6 ON FPC 0 PIC 1 PORT 7 ON FPC 0 PIC 1 PORT 8 ON FPC 0 PIC 1 PORT 9 ON FPC 0 PIC 1 PORT 10 OFF FPC 0 PIC 1 PORT 11 OFF FPC 0 PIC 1 PORT 12 OFF FPC 0 PIC 1 PORT 13 OFF FPC 0 PIC 1 PORT 14 OFF FPC 0 PIC 1 PORT 15 ON PR1399335

When the timing configuration and the corresponding interface configuration is flapped for multiple

•

times in iteration, PTP is stuck in "INITIALIZE" state where the ARP for the neighbor is not resolved. In issue state, BCM hardware block get into inconsistency state, where the lookup is failing. PR1410746

The input packet count given under the traffic statistics includes all packets that are coming in. The

•

statistics are not segregated as IPv4, IPv6, MPLS, and so on. This is the same behavior across all the ACX Series platforms. PR1419143

Hardware-based fragmentation or reassembly is not supported. Software-based fragmentation rates

•

are going to be extremely slow depending CPU load. PR1419371

In the output of show SNMP mib walk jnxBoxAnatomy, the chassis CLEI code and contents model is

•

reading data from the I2C bus and EEPROM. Because the fan is not present on the i2c bus and does not have EEPROM, fan data cannot be displayed for chassis cleicode and contents model. PR1420639

There is no support on separate counters for tail-dropped packets. Counters are reflected as part of

•

RED-dropped packets. PR1427148

When end device (fan tray CPLD) I2C line is grounded or pulled low, which is leading to other device

•

write/reads are failing. PR1427222

These error messages can be seen sometimes if the optics is being unplugged in between the eeprom

•

read. This is expected and does not impact any functionality. PR1429016

Packet rates are not seen for aggregated Ethernet logical interface. PR1429590

•

Multicast packets are flooded in a BD if snooping is not enabled. If interfaces x and y belong to a BD,

•

then all multicast packets will be flooded to both x and y interface. If packets are received from interface x, packets will be flooded to x & y in ingress but discarded in the egress path for interface x because the packet is received from the same interface. But these packets are also counted in the VOQ and hence we are seeing more queue statistics. It is a known hardware limitation. monitor interface xe-0/0/30Input

packets: 177958 (64 pps) [0]Output packets: 357306 (128 pps) [0] monitor interface xe-0/0/12Input packets: 361161 (128 pps) [642]Output packets: 179878 (63 pps) [320] user@router> show interfaces queue xe-0/0/30 Queue: 0, Forwarding classes: best-effortQueued:Packets : 544032 192 pps . => Sum of 64 + 128pps root@rioxd-p2a-a> show interfaces queue xe-0/0/12 Queue: 0, Forwarding classes: best-effortQueued:Packets : 550929 192 pps . => Sum of 64 + 128pps. PR1429628

Any packet greater than the MTU size are accounted for as oversized packets. Packets exceeding MTU

•

sizes are not considered for Jabber check. PR1429923

The statistics are accessed through ACX5448-D API, which is the same for both tagged and untagged

•

packets. This cannot be changed in accordance with MX Series, because it is direct access from ACX5448-D without any statistics changes specific to tagging from the ACX5448 side. The issue will impact other statistics if changes are made. PR1430108

The port LEDs glowing during system/vmhost halt state is the expected behavior across all ACX Series

•

platforms. Even the system LED glows during halt state. PR1430129

These are initial transient messages seen. They do not have any functional impact. PR1430355

•

1-Gigabit Ethernet interfaces are shown as 'xe'. Therefore, the cosmetic issue is observed with respect

•

to autonegotiation parameters although there is no impact on functionality. PR1430835

If Layer 2 VPN sessions have OAM control-channel option set to <router-alert-label>, the

•

<no-control-word> option in the Layer 2 VPN shouldn't be used for BFD sessions to come up. PR1432854

BCM SDK currently does not supporting stats today, we see routes are getting reinstalled on a periodic

•

basis. SDK does not support stats unless we move to Flex mode in KBP. This is a product limitation today. PR1435579

New rate of 1.8 MBps if it is megabyte per second takes 16-17 minutes to copy the ACX5448 image

•

(1.9G image size) - RIO rates are less than Misha because rate limiter is in bps and does not support pps-based (HW limitation from DNX)*Avg size is 512 - hence rate is approx 1/3rd of Misha rate. In file copy cases -- normal pkt size seen are 1500 pkt sizes. PR1439960

The hold timer expiry is common across all platforms. It is not specific to ACX5448 platforms. PR1439980

•

Remote loopback is not supported on ACX5448-D. PR1443517

•

The PEM entries for jnxFruName SNMP index are shown twice. PR1446215

•

ACX Series routers support only 900 joins of IGMPv3 users per second.PR1448146

•

2000 EVPN IRB scale is not hitting due to hardware limitation of filter entries that can be installed for

•

EVPN instances. We can support only a scale of 1000 IRB interfaces for Junos OS Release 19.2. This is Broadcom limitation and cannot be changed. PR1461309

Counters for filtering based on DA MAC and SA MAC are not supported because QMX doesn't have

•

any separate counter to count matched or dropped packets with interface MAC address. PR1463981

SEE ALSO

What's New | 11

What's Changed | 16

Open Issues | 21

Resolved Issues | 24

Documentation Updates | 29

Migration, Upgrade, and Downgrade Instructions | 30

Open Issues

IN THIS SECTION

General Routing | 22

MPLS | 24

Learn about open issues in this release for ACX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

General Routing

Forwarding when using a nonexisting SSM map source address in IGMPv3 instead of pruning. This is a

•

day 1 design issue, and needs a design solution. PR1126699

When Layer 3 packets are classified, DiffServ code points are not preserved but are getting lost at the

•

egress interface because of a chipset limitation. PR1322142

ACX5448: When a 1-Gigabit SFP transceiver is plugged into the router, autonegotiation is enabled by

•

default. There is no functional impact. Only the output of show interfaces <intf-name> extensive CLI command show the autonegotiation field as disabled. PR1343679

If set interfaces ae<>xaggregated-ether-options link-speed <x> configured in the router, the AE interface

•

remains down after reboot. The following error message is seen in logs: /kernel: kernel did not add link ae1, link speeds differ 1000000000 10000000000 /kernel: bundle ae1.0: link xe-0/3/0 not added due to speed mismatch PR1357012

Unexpected traffic loss is observed during link failure (FRR convergence) and link restoration test on

•

Layer 3 VPN traffic over LDP-OSPF MPLS LSP.

Steps to re-create:

1. Layer 3 VPN traffic was flowing end to end on the active path in steady state.

•

2. Link down state is induced on primary path and traffic is shifted to backup pathObservation: More

•

than expected traffic loss is observed (around 1.5 seconds)

3. Link is restored and the traffic is moved to the active path. Observation: More than expected traffic

•

loss is observed (around 21 seconds).

The traffic loss percentage is not consistent and varies across each run and this is the worst case traffic loss percentage observed. PR1387834

The switchover time observed was more than 50 minutes under certain soak test conditions with an

•

increased scale with a multiprotocol multirouter topology. PR1387858

IGMP packets over Layer 2 Circuit with Control-Word are dropped in ACX5048. PR1394301

•

A jnxIfOtnOperState trap notification is sent for all ot interfaces. PR1406758

•

Layer 2 rewrite is happening on regular bridge domain and VLAN interfaces, although there are some

•

service dependencies (VPLS in this case),due to which the egress interface map table is not updated properly with the Layer 2 rewrite map ID; as a result, the rewrite does not work. PR1414414

Policer-discarded packets are marked as color black. Black color is used to discard the packets in the

•

pipeline. These packets are not really enqueued into the queues (VoQs) in hardware. The HW queue statistics show this as discarded. However today, both actual-enqueued and the discarded counts are shown as queue-stats in software. This is a software queue-statistics show issue. PR1414887

Clock Class value is incorrect in Default Data (show ptp clock) when the slave interface is down in

•

PTP-OC device. PR1416421

Clock Class value is incorrect in Default Data (show ptp clock) when the slave interface is down in the

•

PTP-OC device. PR1416421

On ACX5448 devices, the zero-touch provisioning (ZTP) process will proceed with image upgrade even

•

in situations when there is a mismatch between the platform name of the software image stored on FTP or ZTP servers and the actual platform where the ZTP process is being run. PR1418313

There was a behavior change introduced as part of PR#1307666, where the inner VLAN tag is popped

•

out on the ingress side when an IP packet with double-tagged VLAN is received and this change is needed for IP packets to work on proper transmit on the egress interface. PR1422515

The request system reboot command on ACX5448 triggers a reboot on the host (Linux) instead of just

•

being limited to Junos OS. PR1426486

The em2 interface configuration is causing the FPC to crash during initialization and the FPC does not

•

come online. After you delete the em2 configuration and restart the router, FPC comes online. PR1429212

Traffic loss is seen if the configuration has /128 prefix routes and it is limited to /128 only. This is due

•

to a known issue tracked in PR 1445231. PR1429833

Any packet greater than MTU size will be accounted for as oversized packets. Packets exceeding MTU

•

sizes are not considered for Jabber check. PR1429923

The port LEDs glowing during system/vmhost halt state is the expected behavior across all ACX Series

•

platforms. Even the system LED glows during halt state. PR1430129

Packets dropped due to MTU checks in the output interface are not accounted for as MTU errors. All

•

packets with sizes greater than the MTU size are accounted for as oversized in the input interface.

PR1430446

Protocols get forwarded when using a nonexisting SSM map source address in IGMPv3 instead of pruning.

•

This is a day 1 design issue and needs a design solution. PR1435648

On ACX5448, after deactivating and then activating CoS, traffic drop might be seen. PR1436494

•

In a certain test conditions, it was observed that Layer 2 VPN at a scale of 16,000 had issues when all

•

VPNs were brought down and then up. PR1439471

Recovery of Junos volume is not possible from OAM menu. PR1446512

•

Drop profile maximum threshold might not be reached when the packet size is other than 1000 bytes.

•

This is due to the current design limitation. PR1448418

When a 10-Gigabit Ethernet interface working in 1-Gigabit Ethernet mode in ACX5448-D, is added to

•

a member link of an AE interface, the speed of AE is incorrectly shown as 10 Gbps. There is no functional impact. This is a display issue. PR1449887

It is not possible to form 125,000 IGMP groups with ACX5448 router receiving 125,000 IGMP v2 reports

•

per second. This is a product limitation from BCM and CPU host path queuing model. PR1454465

Issue is seen during unified ISSU to Junos OS Release 20.1, 20.2, and 19.4 releases. ISSU will be completed,

•

but the forwarding plane (PFE) will not function. Forwarding will be affected. PR1483959

High risk. To be committed after regression cycle on 20.3DCB. PR1488935

•

MPLS

The default behavior of local reversion has changed from Junos OS Release 16.1 and that impacts the

•

LSPs for which the ingress does not perform make-before-break. Junos OS does not perform make-before-break for no-CSPF LSPs. PR1401800

SEE ALSO

What's New | 11

What's Changed | 16

Known Limitations | 19

Resolved Issues | 24

Documentation Updates | 29

Migration, Upgrade, and Downgrade Instructions | 30

Resolved Issues

IN THIS SECTION

Resolved Issues: 19.2R2 | 25

Resolved Issues: 19.2R1-S1 | 28

Resolved Issues: 19.2R1 | 28

Learn which issues were resolved in the Junos OS main and maintenance releases for ACX Series routers.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 19.2R2

Class of Service (CoS)

The dfwd crash can be seen with the forwarding-class configuration in policers. PR1436894

•

General Routing

ACX5000 MacDrainTimeOut and bcm_port_update failed: Internal error. PR1284590

•

bcmDPC task is high even though Interupt START_BY_START flag set to 0. PR1329656

•

On an ACX Series router, the LED on a Gigabit Ethernet interface goes down when the 10-Mbps speed

•

is added. PR1385855

Link fault signaling (LFS) is not working on ACX5448 10/40/100GbE interfaces. PR1401718

•

Kernel memory leak in virtual-memory due to interface flaps (CVE-2020-1625). PR1407000

•

High CPU consumption for fxpc processes with class-of-service changes on AE interfaces. PR1407098

•

The optic comes with Tx enabled by default. As the port is administratively disabled, the port is stopped

•

but as the port has not been started, it does not disable Tx. PR1411015

ACX5448: 40G FEC on ACX5448 is default FEC is enabled need to align with our platforms MX/QFX

•

where FEC is NONE. PR1414649

ACX5448: BFD Timer values are not as per the configured 900ms with multiplier 3. The values are

•

showing 6.000 with multiplier 3 instead for most of the sessions. PR1418680

[ARP] ACX5448-D: 96000 ARPs are getting populated but only 47,000 next-hop entries are present.

•

Therefore, around 50% packet drop is observed. PR1426734

Drift messages in ACX2200, which is a PTP hybrid (PTP + Synchronous Ethernet) device. PR1426910

•

The chassisd process might crash with unsupported HCoS configuration when MX104 is used as the

•

fusion aggregation device. PR1430076

On ACX5448, upon reboot of an MC_LAG peer, when the peer comes up (but before hardware comes

•

up), there is a 10-20 second traffic hit on node1. PR1430910

ACX5448-D interface support: After chassis control restart, load balancing on the child interfaces of an

•

ae interface stops. PR1431206

The l2cpd process might crash and generate a core file when interfaces are flapping. PR1431355

•

ACX5448 might malfunction in encapsulating small packets if egress link is 40G or 100G. PR1434900

•

In ACX Series platforms, no-vrf-propagate-ttl might not work after the CoS configuration is deactivated

•

and then activated. PR1435791

LACP state might get stuck in 'Attached' state after disabling peer active members. PR1439268

•

Packet drop might be seen on an ACX Series platform when chained composite next hop is enabled for

•

L3VPN. PR1439317

Interface on ACX1100 remains down when using SFP-1FE-FX (740-021487). PR1439384

•

On ACX5448, DHCP packets are not transparent over Layer 2 circuit. PR1439518

•

When the interface is flapped between channelized configurations (25GbE to 100GbE), the AE interface

•

configuration is not cleaned up properly. PR1441374

ACX5448: Packet buffer error from Packet Forwarding Engine leading to memory leak when IGMP is

•

sent from NNI AC in Layer 2 circuit and VPLS. PR1442901

RED drops might be seen after link flaps or CoS configuration changes. PR1443466

•

ACX5448: The encapsulation flexible-vlan-tagging is not supported with the MPLS family; need to

•

provide commit error. PR1445046

ACX5448/18.3R1-S4.1 not performing proper dot1p CoS rewrite on interfaces configured with

•

l2circuit/local-switching/family ccc. PR1445979

In ACX Series routers, auto-exported routes between VRFs might not reply for ICMP echo requests.

•

PR1446043

Fans on an ACX5448-M might not be running at the correct speed. PR1448884

•

Layer 2 circuit with a backup-neighbor (hot-standby) configured might stop forwarding traffic after

•

failovers. PR1449681

Oper-state for et interface does not transition from 'init' to 'Normal'. PR1449937

•

FPC core files might be seen after changing the configuration of PTP or Synchronous Ethernet. PR1451950

•

Platforms: ACX5448-D interfaces support: After the 100-Gbps and 40-Gbps interfaces are disabled,

•

the Laser output power in show interfaces diagnostics optics shows some values. PR1452323

ACX5448 FPC crashed due to segmentation fault. PR1453766

•

Incorrect operating state displayed in SNMP trap for fan removal. PR1455577

•

ACX5048 SNMP polling will be stalled after a link flap or an SFP transceiver replacement, and

•

ACX_COS_HALP(acx_cos_gport_sched_set_strict_priority:987): Failed to detach logs will be seen.

PR1455722

ACX6360-OX: Enable the gigether option to configure Ethernet FEC on client ports. PR1456293

•

ACX5448-D and ACX5448-M devices do not display airflow information and temperature sensors as

•

expected. PR1456593

ACX5448 L2VPN with encapsulation-type ethernet stops passing traffic after a random port is added

•

with VLAN configuration. PR1456624

The rpd crash might be seen if a BGP route is resolved over the same prefix protocol next hop in an

•

inet.3 table that has both RSVP and LDP routes. PR1458595

Route resolution is not happening when the packet size is 10,000. PR1458744

•

Traffic might be silently dropped during link recovery in an open Ethernet access ring with ERPS

•

configured. PR1459446

ACX5000: SNMP MIB walk for jnxOperatingTemp not returning anything for FPC in new versions.

•

PR1460391

ACX5448-D interfaces and optics support: Sometimes, when the AE interfaces are brought up, there

•

are ARP resolution issues. PR1461485

On ACX Series platforms, the LLDP neighbor not up on a LAG after software upgrade to Junos OS

•

Release 18.2R3-S1. PR1461831

Memory leak on l2cpd process might lead to l2cpd crash. PR1469635

•

RED drop on interface even without any congestion. PR1470619

•

Egress queue statistics are not applicable to ae interface on model ACX5048. PR1472467

•

ERP might not come up properly when MSTP and ERP are enabled on the same interface. PR1473610

•

dcpfe core files are seen when disabling/enabling MACsec using Toby scripts. PR1479710

•

ACX5448 Layer 2 VPN with interface ethernet-ccc input-vlan-map/output-vlan-map can cause traffic

•

to be dropped silently. PR1485444

Interfaces and Chassis

Upgrade from releases before Junos OS Release 17.4R1 results in cfmd core files. PR1425804

•

MC-AE interface might show as unknown status if you are adding the subinterface as part of the VLAN

•

on the peer MC-AE node. PR1479012

Layer 2 Ethernet Services

DHCP request might get dropped in a DHCP relay scenario. PR1435039

•

Platform and Infrastructure

The REST API process becomes nonresponsive when a number of requests come at a high rate.

•

PR1449987

Routing Protocols

Export of loopback address to other VRF instances might not work on ACX Series, EX Series and QFX

•

Series platforms. PR1449410

The routing protocol process (rpd) crashes while processing a specific BGP update information.

•

PR1448425

MPLS LDP might still use stale MAC addresses of the neighbor even if the LDP neighbor's MAC address

•

changes. PR1451217

The rpd might crash continuously due to memory corruption in IS-IS setup. PR1455432

•

Receipt of certain genuine BGP packets from any BGP speaker causes rpd to crash. PR1497721

•

VPN

The l2circuit neighbor might be stuck in RD state at one end of MG-LAG peer. PR1498040

•

Resolved Issues: 19.2R1-S1

General Routing

Link Fault Signaling (LFS) do not work on ACX5448, ACX5410, ACX5440, and 100-Gigabit Ethernet

•

interfaces. PR1401718

In an ACX5448 platforms, when the Packet Forwarding Engine failed to allocate packet buffer, portion

•

of packet memories might not be free. PR1442901

Resolved Issues: 19.2R1

Class of Service (CoS)

The error message STUCK_BUFF : port_sp not empty for port 35 sp 1 pkts:1 is seen when a lag bundle

•

is configured with 64 lag links.. PR1346452

General Routing

The 1G copper module interface shows "Link-mode: Half-duplex". PR1286709

•

On an ACX ring topology, after link between ACX and MX flaps, VPLS RI on PE (MX) has no MAC of CE

•

over l2circuit. PR1360967

ACX5000: fpc0 (acx_rt_ip_uc_lpm_install:LPM route add failed error) Reason : Invalid parameter after

•

configuring lpm-profile. PR1365034

ACX5448: LIBCOS_COS_TVP_FC_INFO_NOT_FOUND: Forwarding-class information not specified"

•

prints while committing on configuration prompt. PR1376665

On ACX5448, channelized ET interface of 25-Gigabit interface will not come up after chassis-control

•

restart. PR1379288

ACX 5448:100 Gigabit link FEC enabled by default on 100G LR4. PR1389518

•

On ACX Series platforms, the forwarding-option dhcp-relay forward-only command stops working and

•

the DHCP packets are dropped. PR1392261

On ACX5048, RPM RFC 2544 benchmarking test failed to start. PR1395730

•

CFM adjacency is not going down with distinct intervals. PR1397883

•

Dynamic tunnels are not supported on ACX Series routers. PR1398729

•

VLAN tagged traffic arriving on VPLS interface might get dropped. PR1402626

•

ot/et interface is not created when invalid speed is configured. PR1403546

•

ACX 5448: TrTCM Policer configuration parameters are as per RFC4115. PR1405798

•

The show services inline stateful-firewall flow or show services inline stateful-firewall flow extensive

•

command might cause a memory leak. PR1408982

ACX Series routers drop DNS responses that contain an underscore. PR1410062

•

VPLS traffic might stop across ACX5000 with the aggregated Ethernet interface. PR1412042

•

Junos PCC might reject PCUpdate/PCCreate message if there is metric type other than type 2. PR1412659

•

Number of inet-arp policers implemented on ACX5000 has been increased from 16 to 64. PR1413807

•

Swap memory is not initialized on boot on ACX5048. PR1415898

•

Commit error while configuring firewall with term having log/syslog and accept actions. PR1417377

•

CoS table error can sometimes cause traffic outages and SNMP timeouts if the optic is plugged out and

•

inserted back. PR1418696

Slow copy image speed to ACX5448. PR1422544

•

SEE ALSO

What's New | 11

What's Changed | 16

Known Limitations | 19

Open Issues | 21

Documentation Updates | 29

Migration, Upgrade, and Downgrade Instructions | 30

Documentation Updates

IN THIS SECTION

Installation and Upgrade Guide | 30

This section lists the errata and changes in Junos OS Release 19.2R2 for the ACX Series documentation.

Installation and Upgrade Guide

Veriexec explained (ACX Series)—Verified Exec (also known as veriexec) is a file-signing and verification

•

scheme that protects the Junos operating system (OS) against unauthorized software and activity that might compromise the integrity of your device. Originally developed for the NetBSD OS, veriexec was adapted for Junos OS and enabled by default from Junos OS Release 7.5 onwards.

[See Veriexec Overview.]

SEE ALSO

What's New | 11

What's Changed | 16

Known Limitations | 19

Open Issues | 21

Resolved Issues | 24

Migration, Upgrade, and Downgrade Instructions | 30

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION

Upgrade and Downgrade Support Policy for Junos OS Releases | 30

This section contains the upgrade and downgrade support policy for Junos OS for the ACX Series Router. Upgrading or downgrading Junos OS might take several minutes, depending on the size and configuration of the network.

For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 17.1,

17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

You cannot upgrade directly from a non-EEOL release to a release that is more than three releases ahead or behind. To upgrade or downgrade from a non-EEOL release to a release more than three releases before or after, first upgrade to the next EEOL release and then upgrade or downgrade from that EEOL release to your target release.

For more information about EEOL releases and to review a list of EEOL releases, see

https://www.juniper.net/support/eol/junos.html.

For information about software installation and upgrade, see the Installation and Upgrade Guide.

SEE ALSO

What's New | 11

What's Changed | 16

Known Limitations | 19

Open Issues | 21

Resolved Issues | 24

Documentation Updates | 29

Junos OS Release Notes for EX Series Switches

IN THIS SECTION

What’s New | 32

What’s Changed | 38

Known Limitations | 41

Open Issues | 43

Resolved Issues | 46

Documentation Updates | 58

Migration, Upgrade, and Downgrade Instructions | 59

These release notes accompany Junos OS Release 19.2R2 for the EX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What’s New

IN THIS SECTION

What’s New in Release 19.2R2 | 33

Whats’s New in Release 19.2R1-S1 | 33

What’s New in Release 19.2R1 | 33

Learn about new features introduced in the Junos OS main and maintenance releases for EX Series switches.

NOTE: The following EX Series switches are supported in Release 19.2R2: EX2300, EX2300-C,

EX3400, EX4300, EX4600-40F, EX4650, EX9200, EX9204, EX9208, EX9214, EX9251, and EX9253.

What’s New in Release 19.2R2

There are no new features or enhancements to existing features for EX Series switches in Junos OS Release

19.2R2.

Whats’s New in Release 19.2R1-S1

Routing Protocols

Decouple RSVP for IGP-TE (MX Series, PTX Series, ACX Series, QFX Series, SRX Series, and EX

•

What’s New in Release 19.2R1

Authentication, Authorization, and Accounting (AAA)

802.1X authentication (EX4650 switches)—Starting with Junos OS Release 19.2R1, EX4650 switches

•

support port-based network access control using 802.1X authentication as defined in the IEEE 802.1X standard.

[See 802.1X for Switches Overview.]

Dynamic Host Configuration Protocol

Support for DHCP snooping and other access port security features on private VLANs (EX4300-MP

•

switches and Virtual Chassis)—Starting in Junos OS Release 19.2R1, you can enable DHCP snooping for security purposes on access ports that are in a private VLAN (PVLAN). You can also protect those ports with DHCP options, dynamic ARP inspection (DAI), IP source guard, and neighbor discovery inspection.

[See Putting Access Port Security on Private VLANs.]

EVPN

Support for BFD, BGP, IS-IS, and OSPF on IRB interfaces in EVPN-MPLS networks (EX series)—Starting

•

with Junos OS Release 19.2R1, you can configure Bidirectional Forwarding Detection (BFD), BGP, IS-IS, and OSPF routing protocols on the IRB interface in an EVPN-MPLS network to route and forward EVPN traffic. This feature supports single-homed, single-active, and all-active multihomed networks.

[See EVPN with IRB Solution Overview.]

EVPN support of VLAN ID ranges and lists in service provider style interface configurations (EX9200

•

switches)—Starting in Junos OS Release 19.2R1, EX9200 switches, ACX5448 and MX Series routers, and vMX virtual routers support the use of VLAN ID ranges and lists in a service provider style interface configuration, which must be referenced in an EVPN routing instance. This configuration is supported with the following EVPN environments, services, and features:

Environments:

•

EVPN with VXLAN encapsulation

•

EVPN with MPLS encapsulation

•

VLAN bundle service:

•

E-LAN

•

E-Tree

•

E-Line

•

Features:

•

EVPN multihoming:

•

All-active

•

Single-active

•

Singlehoming

•

[See VLAN ID Ranges and Lists in an EVPN Environment.]

Support for control word in EVPN-VPWS (EX9200 switches)—Starting with Junos OS Release 19.2R1,

•

Junos OS supports the insertion of a control word between the label stack and the MPLS payload in a network with EVPN-VPWS service. This feature prevents a transit device from delivering out-of-order packets as a result of the device’s load-balancing hashing algorithm. When you enable the control word feature on a PE device, the PE device advertises support for a control word. If all the PE devices in an EVI on the EVPN-VPWS serviced network support control word, then the PE device inserts a control word between the label stack and the L2 header in the packet thus preventing the packet from being misidentified by transit devices.

[See Control Word for EVPN-VPWS.]

JWeb

Support for EX4650 switches—Starting in Junos OS Release 19.2R1, you can use J-Web to configure,

•

monitor, and manage EX4650 switches.

To configure the EX4650 switch using the J-Web interface, you must connect the cable to the port labeled CON on the rear panel of the switch.

NOTE: In J-Web, the chassis viewer displays only the standalone EX4650 switches view. It

does not display the Virtual Chassis configuration because the EX4650 switch does not support the Virtual Chassis configuration.

[See Dashboard for EX Series Switches and Connecting and Configuring an EX Series Switch (J-Web

Procedure).]

Layer 2 Features

L2PT support (EX4300 multigigabit switches)—Starting with Junos OS Release 19.2R1, you can configure

•

Layer 2 protocol tunneling (L2PT) for the following protocols on EX4300 multigigabit switches (EX4300-48MP models): CDP, E-LMI, GVRP, IEEE 802.1X, IEEE 802.3AH, LACP, LLDP, MMRP, MVRP, STP (including RSTP and MSTP), UDLD, VSTP, and VTP.

[See Layer 2 Protocol Tunneling.]

Multicast

Support for multicast traffic counters (EX4300, EX4300-MP, EX4300 Virtual Chassis)—Starting with

•

Junos OS Release 19.2R1, you can use firewall filters to count packets and check the bandwidth of multicast traffic received by a host from a particular source and group in a routing instance. To enable this feature, include the multicast-statistics statement at the [edit system packet-forwarding-options] hierarchy level. To check the packet count and bandwidth for each multicast route, use the show multicast route extensive command.

[See multicast-statistics (system-packet forwarding).]

IGMP snooping with private VLANs (EX4300 multigigabit switches)—Starting in Junos OS Release

•

19.2R1, EX4300 multigigabit switches (EX4300-48MP models) support IGMP snooping with private VLANs (PVLANs). A PVLAN consists of secondary isolated and community VLANs configured within a primary VLAN. Without IGMP snooping support on the secondary VLANs, switches receive multicast streams on a primary VLAN and flood them to the secondary VLANs. This feature extends IGMP snooping on a primary VLAN to its secondary VLANs to further constrain multicast streams only to interested receivers on PVLANs. When you enable IGMP snooping on a primary VLAN, you implicitly enable it on all secondary VLANs, and the secondary VLANs learn the multicast group information on the primary VLAN.

NOTE: Ports in a secondary VLAN cannot be used as IGMP multicast router interfaces.

Secondary VLANs can receive multicast data streams ingressing on promiscuous trunk ports or inter-switch links acting as multicast router interfaces.

[See IGMP Snooping Overview.]

Network Management and Monitoring

Support for displaying valid user input in the CLI for command options and configuration statements

•

in custom YANG data models (EX Series)—Starting in Junos OS Release 19.2R1, the CLI displays the set of possible values for a given command option or configuration statement in a custom YANG data model when you include the action-expand extension statement in the option or statement definition and reference a script that handles the logic. The action-expand statement must include the script child statement, which defines the Python action script that is invoked when a user requests context-sensitive help in the CLI for the value of that option or statement.

[See Displaying Valid Command Option and Configuration Statement Values in the CLI for Custom YANG

Modules.]

Port Security

Stateless address autoconfiguration (SLAAC) snooping (EX2300, EX3400, EX4300, and Virtual

•

Chassis)—Starting in Junos OS Release 19.2R1, Junos OS supports SLAAC snooping on EX2300, EX2300 VC, EX3400, EX3400 VC, EX4300, and EX4300 VC. IPv6 clients using SLAAC for dynamic address assignment are validated against the SLAAC snooping binding table before being allowed access to the network.

[See IPv6 Stateless Address Autoconfiguration (SLAAC) Snooping.]

Fallback PSK for Media Access Control Security (MACsec) (EX Series)—Starting in Junos OS Release

•

19.2R1, fallback PSK for MACsec is supported on EX Series routers that support MACsec. The fallback PSK provides functionality to establish a secure session in the event that the primary PSKs on each end of a MACsec-secured link do not match.

[See Configuring MACsec on EX, SRX and Fusion Devices.]

Support for 802.1X authentication on private VLANs (PVLANs) (EX4300-48MP switches and Virtual

•

Chassis)—Starting in Junos OS Release 19.2R1, you can enable 802.1X (dot1x) authentication for security purposes on access ports that are in a PVLAN.

PVLANs provide Layer 2 isolation between ports within a VLAN, splitting a broadcast domain into multiple discrete broadcast subdomains by creating secondary VLANs. PVLANs are useful for restricting the flow of broadcast and unknown unicast traffic and for limiting the communication between known hosts.

Authentication prevents unauthenticated devices and users from gaining access to your LAN. For 802.1X and MAC RADIUS authentication, end devices must be authenticated before they receive an IP address from a DHCP server.

On a switch that is configured with both 802.1X authentication and PVLANs, when a new device is attached to the PVLAN network, the device is authenticated and then is assigned to a secondary VLAN based on the PVLAN configuration or RADIUS profile. The device then obtains an IP address and receives access to the PVLAN network.

[See Using 802.1X Authentication and Private VLANs Together on the Same Interface.]

Media Access Control security with 256-bit cipher suite (EX4300)—Starting in Junos OS Release 19.2R1,

•

the GCM-AES-256 cipher suite for MACsec in static CAK mode is supported on the 2-port QSFP+/1-port QSFP28 uplink module for EX4300-48MP switches. The GCM-AES-256 cipher suite has a maximum key length of 256 bits and is also available with extended packet numbering (GCM-AES-XPN-256).

[See Understanding Media Access Control Security (MACsec).]

Support for MACsec PSK keychain (EX9253)—Starting in Junos OS Release 19.2R1, EX9253 switches

•

support MACsec PSK chains hitless rollover and Key Agreement Protocol Fail Open mode.

[See Configuring MACsec on EX, SRX and Fusion Devices.]

System Management

Support for transferring accounting statistics files and router configuration archives using HTTP URL

•

(EX Series)—Starting in Junos OS Release 19.2R1, you can transfer accounting statistics files and router configuration archives to remote servers by using an HTTP URL. In addition to SCP and FTP, the following HTTP URL will be supported under the archive-sites statement:

http://username@host:url-path password password

To transfer accounting statistics files, configure archive-sites under [edit accounting-options file

•

<filename>] hierarchy.

To transfer router configuration archival, configure archive-sites under edit system archival

•

configuration hierarchy.

To view the statistics of transfer attempted, succeeded, and failed, use the show accounting server

•

statistics archival-transfer command.

To clear the statistics of transfer attempted, succeeded, and failed, use the clear accounting server

•

statistics archival-transfer command.

[See archive-sites, Backing Up Configurations to an Archive Site, show accounting server statistics

archival-transfer, and clear accounting server statistics archival-transfer].

SEE ALSO

What’s Chnaged | 38

Known Behavior | 41

Open Issues | 43

Resolved Issues | 46

Documentation Updates | 58

Migration, Upgrade, and Downgrade Instructions | 59

What’s Changed

IN THIS SECTION

What’s Changed in Release 19.2R2 | 38

What’s Changed in Release 19.2R1-S5 | 39

What’s Changed in Release 19.2R1 | 40

Learn about what changed in Junos OS main and maintenance releases for EX Series.

What’s Changed in Release 19.2R2

Interfaces and Chassis

Support for creating Layer 2 logical interfaces independently (ACX Series, EX Series, MX Series, PTX

•

Series, and QFX Series)—In Junos OS Releases 18.4R1, 18.4R2, 19.1R1, 19.1R2, 19.2R2, and later, EX Series switches support creating Layer 2 logical interfaces independent of the Layer 2 routing-instance type. That is, you can configure and commit the Layer 2 logical interfaces separately and add the interfaces to the bridge domain or Ethernet VPN (EVPN) routing instance separately. Note that the Layer 2 logical interfaces work fine only when they are added to the bridge domain or EVPN routing instance.

Logical Interface is created along with physical Interface by default (EX Series, MX Series, and QFX

•

Series)—In Junos OS Release 19.2R2 and later, logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces are created.

For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), is displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.

Layer 2 Feature

input-native-vlan-push (EX2300, EX3400, EX4600, EX4650, and the QFX5000 line of switches)—In

•

Junos OS Release 19.2R2, we have introduced the configuration statement input-native-vlan-push at the [edit interfaces interface-name] hierarchy level. You can use this statement in a Q-in-Q tunneling configuration to enable or disable whether the switch inserts a native VLAN identifier in untagged frames received on the C-VLAN interface, when the configuration statement input-vlan-map with a push operation is configured.

[See input-native-vlan-push.]

Multicast

Multicast Layer 2 transit traffic statistics by multicast source and group (EX4600, EX4650, and the

•

QFX5000 line of switches)—Starting in Junos OS Release 19.2R2, EX4600, EX4650, and the QFX5000 line of switches provide statistics on the packet count for each multicast group and source when passing multicast transit traffic at Layer 2 with IGMP snooping. Run the show multicast snooping route extensive CLI command to see this count in the Statistics: … n packets output field. The other statistics in that output field, kBps and pps, are not available (values displayed there are not valid statistics for multicast traffic at Layer 2). In earlier Junos OS releases, all three values in the Statistics output field for kBps, pps, and packets do not provide valid statistics for multicast traffic at Layer 2.

[See show multicast snooping route.]

Routing Protocols

XML RPC equivalent included for the show bgp output-scheduler | display xml rpc CLI command (ACX

•

Series, EX Series, MX Series, PTX Series, QFX Series, and SRX Series)—Starting in Junos OS Release

[See show bgp output-scheduler.]

What’s Changed in Release 19.2R1-S5

General Routing

Logical Interface is created along with physical Interface by default (EX Series switches, QFX Series

•

switches, MX Series routers)—The logical interface is created on ge, et, xe interfaces along with the physical interface, by default. In earlier Junos OS Releases, by default, only physical interfaces were created. For example, for ge interfaces, earlier when you view the show interfaces command, by default, only the physical interface (ge-0/0/0), was displayed. Now, the logical interface (ge-0/0/0.16386) is also displayed.

MPLS

IPv4 explicit-null label retained from the merged protocol MPLS label stack—The IPv4 explicit-null label

•

is retained from the merged protocol MPLS label stack, if the IPv4 explicit-null is at the bottom of the MPLS label stack.

What’s Changed in Release 19.2R1

Interfaces and Chassis

Deprecation of the [edit fabric protocols bgp] hierarchy level (EX Series)—Starting in Junos OS Release

•

19.2R1, the [edit fabric protocols bgp] hierarchy level is deprecated.

Network Management and Monitoring

The show system schema command and <get-yang-schema> RPC require specifying an output directory

•

(EX Series)—Starting in Junos OS Release 19.2R1, when you issue the show system schema operational mode command in the CLI or execute the <get-yang-schema> RPC in a remote session to retrieve schema files, you must specify the directory in which to generate the output files by including the output-directory command option in the CLI or the <output-directory> element in the RPC. In earlier releases, you can omit the output-directory argument when requesting a single module to display the module in standard output.

Custom YANG RPC support for input parameters of type empty (EX Series)—Starting in Junos OS

•

[See Creating Action Scripts for YANG RPCs on Devices Running Junos OS.]

Routing Protocols

Change in the default behavior of advertise-from-main-vpn-tables configuration statement—BGP now

•

advertises EVPN routes from the main bgp.evpn .0 table. You can no longer configure BGP to advertise the EVPN routes from the routing instance table. In earlier Junos OS Releases, BGP advertised EVPN routes from the routing instance table by default.

[See advertise-from-main-vpn-tables].

VLAN Infrastructure

Specifying a descending VLAN ID range (EX9200 switches)—In Junos OS releases prior to Junos OS

•

Starting with Junos OS Release 19.2R1, the system considers a descending range specified with vlan-id-range to be invalid and raises an error if you try to commit this configuration.

SEE ALSO

What’s New | 32

Known Behavior | 41

Open Issues | 43

Resolved Issues | 46

Documentation Updates | 58

Migration, Upgrade, and Downgrade Instructions | 59

Known Limitations

IN THIS SECTION

EVPN | 42

General Routing | 42

Platform and Infrastructure | 42

Learn about the Limitation PRs in Junos OS main and maintenance releases for EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

EVPN

When a VLAN uses an IRB interface as the routing interface, the VLAN-ID parameter must be set to

•

"none" to ensure proper traffic routing. This issue is platform independent. PR1287557

General Routing

With a MAC scale of 288,000 entries, the output of the Routing Engine show ethernet-switching table

•

summary command displays the learned scale entries after a delay of around 60 seconds. PR1367538

When the box is loaded and unloaded with MACsec configuration multiple times with operations made

•

continuously, L3 connectivity is been lost and hence stops the system followed by a reboot to resume operation. PR1416499

Platform and Infrastructure

Filters are installed only during route add if there is enough space. If the filter fails because of the

•

non-availability of TCAM space, those routes might not be processed for filter add later when space becomes available. PR1419926

SEE ALSO

What’s New | 32

What’s Chnaged | 38

Open Issues | 43

Resolved Issues | 46

Documentation Updates | 58

Migration, Upgrade, and Downgrade Instructions | 59

Open Issues

IN THIS SECTION

Authentication and Access Control | 43

General Routing | 43

Infrastructure | 44

Interfaces and Chassis | 45

Platform and Infrastructure | 45

Spanning Tree Protocols | 45

Learn about the open issues in hardware and software in Junos OS Release 19.2R2 for EX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication and Access Control

Before running the load ssl-certificate path PATHNAME command, configure the path using the set

•

protocols dot1x ssl-certificate-path PATHNAME command if the default pathname is not /var/tmp/.

PR1431086

General Routing

ARP queue limit has been changed from 100 pps to 3000 pps. PR1165757

•

In an EX2300 switch, the output of the show chassis routing-engine command might display an incorrect

•

value of Router rebooted after a normal shutdown for the last reboot reason field. PR1331264

When a VLAN is added as an action for changing the VLAN in both ingress and egress filters, the filter

•

will not be installed. PR1362609

An EX4300 configured with a firewall filter on lo0 and DHCP security on a VLAN simultaneously might

•

drop legitimate DHCP renew requests from clients on the corresponding VLANs. This occurs because of the implementation design and chipset limitation. PR1376454

On an EX9208 switch, a few xe- interfaces are going down with the error message

•

if_msg_ifd_cmd_tlv_decode ifd xe-0/0/0 #190 down with ASIC Error. PR1377840

After the MACsec session is deleted, the corresponding interfaces might lose their MACsec function if

•

LACP is enabled on them and the statement exclude lacp is configured under the [edit security macsec] hierarchy. PR1378710

DCPFE did not come up in some instances of abrupt power-off/power-on of EX4650. Power-cycle of

•

the device or host reboot will recover the device. PR1393554

There is a possibility of seeing multiple reconnect logs, JTASK_IO_CONNECT_FAILED message during

•

the device initialization. There is no functionality impact because of these messages. These messages can be ignored. PR1408995

On EX9200 devices with MCLAG configuration and other features enabled, there is a loss of approximately

•

20 seconds during restart of the routing daemon. This traffic loss varies with the configuration that is done. PR1409773

On EX4650 line of switches, uRPF check in strict mode might not work properly. PR1417546

•

On committing the configuration, the interface-range configuration defined over a wildcard range such

•

as ge-*/*/* is not supported. As a result, valid rages for STP port IDs are exceeded. The commit fails. Here is a sample configuration set interfaces interface-range RANGE1 member ge-*/*/* and set interfaces interface-range RANGE1 mtu 2000. PR1421446

In certain scenarios, IGMP transit query packets might not be flooded on the VLAN, causing momentary

•

drop in Layer 2 multicast traffic. PR1427542

On EX9200 and MX Series platforms running as PE nodes in an EVPN-VXLAN scenario, if the enhanced-ip

•

mode is enabled for chassis configuration, and the EVPN routing instance is configured with an integrated routing and bridging (IRB) interface, the unicast traffic that is sent through IRB over VTEP might get dropped because it could not get routed toward the core network due to this issue. PR1436924

On the EX9214 device, if the MACsec-enabled link flaps after reboot, the error errorlib_set_error_log():

•

err_id(-1718026239) is observed. PR1448368

Infrastructure

On EX3400 and EX2300 line of switches during ZTP with configuration and image upgrade with FTP

•

as file transfer, image upgrade is successful but sometimes VM core file might be generated. PR1377721

On EX Series switches, if you are configuring a large number of firewall filters on some interfaces, the

•

FPC might crash and generate core files. PR1434927

Interfaces and Chassis

On GRES, VSTP port cost on aggregated Ethernet interfaces might get changed, leading to a topology

•

change. PR1174213

Platform and Infrastructure

There are multiple failures when an event such as node reboot, ICL flap or ICCP flap occurs; and even

•

with enhanced convergence configured there is no guarantee that subsecond convergence will be achieved. PR1371493

On EX2300 and EX3400 platforms, when doing an upgrading operation, as image size grows over a

•

period of time and subsequently storage is insufficient to install images, the upgrade might fail with the error message not enough space to unpack. PR1464808

Spanning Tree Protocols

On committing interface-range configuration defined over wild-card range like ge-*/*/* is not supported.

•

As a result, exceeding valid range for stp-port-ids. The commit fails. Sample example configuration is

set interfaces interface-range RANGE1 member ge-*/*/* and set interfaces interface-range RANGE1 mtu 2000. PR1421446

After converging VSTP, if there is a VSTP configuration change and then BPDU might not be flooded

•

because of which port role might be in incorrect state in the adjacent switches. There is no loop created in the network. PR1443489

SEE ALSO

What’s New | 32

What’s Chnaged | 38

Known Behavior | 41

Resolved Issues | 46

Documentation Updates | 58

Migration, Upgrade, and Downgrade Instructions | 59

Resolved Issues

IN THIS SECTION

Resolved Issues: 19.2R2 | 46

Resolved Issues: 19.2R1 | 54

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 19.2R2

Class of Service (CoS)

Shaping does not work after the reboot if shaping-rate is configured. PR1432078

•

The traffic is placed in network-control queue on an extended port even if it comes in with a different

•

DSCP marking. PR1433252

EVPN

EVPN or MPLS IRB logical interfaces might not come up when local Layer 2 interfaces are down.

•

PR1436207

Configuring ESI on a single-homed 25-Gigabit Ethernet port might not work. PR1438227

•

An ARP request or a Neighbor Solicitation message might be sent back to the local segment by the

•

designated forwarder (DF) router. PR1459830

The rpd might crash after the EVPN-related configuration is changed. PR1467309

•

Forwarding and Sampling

Enable interface with input/output vlan-maps to be added to a routing instance configured with a VLAN

•

ID or VLAN tags (instance type virtual-switch/vpls). PR1433542

The l2ald process might experience memory leak on devices running Junos OS. PR1455034

•

Type 1 ESI/AD route might not be generated locally on EVPN PE devices in all-active mode. PR1464778

•

General Routing

Transit OSPF traffic over Q-in-Q tunneling might be dropped if a firewall filter is applied to loopback

•

interface. PR1355111

The l2ald process might crash and generate a core file on EX Virtual Chassis when converting a trunk

•

port to dot1x access port with tagged traffic flowing. PR1362587

The interface on a failed member FPC of EX2300 and EX3400 Virtual Chassis might stay up for 120

•

seconds. PR1422507

IPv6 multicast traffic received on one Virtual Chassis member might be dropped when exiting through

•

another Virtual Chassis member if MLD snooping is enabled. PR1423310

The MAC address pool might overlap between different switches. PR1425123

•

Virtual Chassis split is seen after the network topology is changed. PR1427075

•

The fxpc or the Packet Forwarding Engine process might crash on EX2300 and EX3400 switches.

•

PR1427391

Rebooting or halting a Virtual Chassis member might cause traffic on the RTG link to be down for about

•

30 seconds. PR1427500

The l2ald process crashes after the dot1x configuration is deleted when dot1x and private VLAN (PVLAN)

•

are enabled simultaneously on EX Series and QFX Series switches. PR1428469

A client might fail to get an IP address from the DHCPv6 server. PR1428769

•

The delay in transmission of BPDUs after GRES might result in loss of traffic on EX2300 and EX3400

•

Virtual Chassis. PR1428935

The EX4300-48MP switch cannot learn MAC addresses through some access ports that are directly

•

connected to a host when auto negotiation is used. PR1430109

Disabling DAC QSFP ports might not work on MX204, MX10003, or EX9251. PR1430921

•

Erroneous log messages and chassis environment output related to fan tray in EX4300MP-EX4300-48P

•

Virtual Chassis. PR1431263

The l2cpd process might crash and generate a core file when interfaces are flapping. PR1431355

•

Packet drop might be seen if native VLAN is configured along with flexible VLAN tagging. PR1434646

•

Micro BFD-session might flap upon inserting a QSFP transceiver into another port. PR1435221

•

Traffic drop might be seen after MACsec session key rollover between primary and fallback for more

•

than ten times. PR1435277

The multichassis aggregated Ethernet (mc-ae) interface might get stuck in the Waiting state in a dual

•

mc-ae scenario. PR1435874

i40e NVM upgrade support for EX9200 platform. PR1436223

•

The Gigabit Ethernet or multigigabit Ethernet SFP-T interface might not come up on EX2300, EX3400,

•

and EX4300 switches. PR1438078

Commit check error for VSTP on EX9200 switches: xSTP:Trying to configure too many interfaces for

•

given protocol.PR1438195

LED turns on even after the Virtual Chassis members are powered off. PR1438252

•

The DHCP Snooping table might be cleared for VLAN ID 1 after adding a new VLAN ID to it. PR1438351

•

The rpd might crash during the booting process in certain conditions. PR1438597

•

The dot1x configuration might not work when captive port is also configured on the interface on a

•

backup or non-master FPC. PR1439200

LACP state might get stuck in Attached state after disabling peer active members. PR1439268

•

On EX9200 DHCPv6 relay scenario, when DHCPv6 snooping and Neighbor Discovery Inspection (NDI)

•

are enabled simultaneously on an IRB interface, the DHCPv6 relay binding does not come up. PR1439844

The EX4600 and QFX5100 Virtual Chassis might not come up after you replace the Virtual Chassis port

•

fiber connection with a DAC cable. PR1440062

CPU might hang or an interface might be stuck down on a particular 1-Gigabit Ethernet port on MX

•

Series, EX Series, and PTX Series devices. PR1440526

MAC addresses learned on an RTG might not be aged out after a Virtual Chassis member is rebooted.

•

PR1440574

Clients in isolated VLANs might not get IP addresses after completing authentication when both

•

dhcp-security and dot1x are configured. PR1442078

EX3400 fan alarm (Fan X not spinning) appears and disappears repeatedly after the fantray (Absent) is

•

removed. PR1442134

The rpd might crash when BGP sends a notification message. PR1442786

•

DHCPv6 client might fail to get an IP address. PR1442867

•

The port role might be incorrect in STP after the STP configuration is changed. PR1443489

•

The /var/host/motd does not exist message is flooded every 5 seconds in chassisd logs. PR1444903

•

On EX4300-MP, the following log message is generated continuously: rpd[6550]: task_connect: task

•

AGENTD I/O.128.0.0.1+9500 addr 128.0.0.1+9500: Connection refused. PR1445618

Major alarm log messages are seen for temperature conditions at 56 degrees Celsius. PR1446363

•

The traffic might be dropped when a firewall filter rule uses then vlan as the action in a Virtual Chassis

•

scenario. PR1446844

Phone home on EX Series devices because sysctl cannot read the device serial number. PR1447291

•

EX3400 Virtual Chassis might go into hang state when a disk error occurs on EX3400. PR1447853

•

Unicast ARP requests are not replied to with the no-arp-trap option. PR1448071

•

On EX3400, IPv6 routes received through BGP do not show the correct age time. PR1449305

•

Except one aggregated Ethernet member link, the other links do not send out sFlow sample packets for

•

ingress traffic. PR1449568

Tunneling encapsulated packets are dropped on the Layer 3 VPN MPLS PE-CE interface. PR1451032

•

DHCP snooping static binding does not take effect after deleting and re-adding the entries. PR1451688

•

The MAC pause frames will be incrementing in the Receive direction if half-duplex mode on 10-Mbps

•

or 100-Mbpa speed is configured. PR1452209

The l2ald and eventd processes are hogging 100 percent CPU after the clear ethernet-switching table

•

command is issued. PR1452738

Configuration change in VLAN all option might affect the per-VLAN configuration. PR1453505

•

Version compare in PHC might fail, making the PHC to download the same image. PR1453535

•

You might not be able to apply a firewall filter in a particular VC/VCF member as TCAM space runs out.

•

PR1455177

Packet drop might be seen after removing and reinserting the SFP transceiver of the 40-Gigabit uplink

•

module ports. PR1456039

Link-up delay and traffic drop might be seen on mixed SP Layer 2 or Layer 3 and EP Layer 2 type

•

configurations. PR1456336

The syslog message timeout connecting to peer database-replication is generated when the show

•

version detail command is issued. PR1457284

Overtemperature SNMP trap messages are displayed after the software upgrade and update even though

•

the temperatures are within the system thresholds. PR1457456

The correct VoIP VLAN information in LLDP-MED packets might not be sent after commit if dynamic

•

VoIP VLAN assignment is used. PR1458559

The fxpc process might crash due to several BGP IPv6 session flaps. PR1459759

•

Storage space limitation leads to image installation failure when phone home is used on EX2300 and

•

EX3400 platforms. PR1460087

MAC addresses learned on an RTG might not be aged out after aging time. PR1461293

•

RTG link faces nearly 20 seconds downtime when the backup node is rebooting. PR1461554

•

Configuring any combination of VLANs and interfaces under VSTP/MSTP might cause VSTP/MSTP-related

•

configurations that cannot be committed. PR1463251

The Virtual Chassis function might be broken after upgrading on EX2300 and EX3400 switches.

•

PR1463635

On EX Series switches with ELS and on QFX Series switches, some command lines to disable MAC

•

learning are not working. PR1464797

The jdhcpd might consume high CPU and no further subscribers can be brought up if more than 4000

•

DHCP-relay clients in the MAC-MOVE scenario. PR1465277

The fxpc might crash after mastership election on EX2300 and EX3400 switches. PR1465526

•

The broadcast and multicast traffic might be dropped over IRB or LAG interfaces in QFX Series and EX

•

Series Virtual Chassis scenario. PR1466423

The MAC move message might have an incorrect from interface when rapid MAC moves occurs.

•

PR1467459

In EX3400 FPCs get disconnected from Virtual Chassis briefly after the image upgrades or reboots.

•

PR1467707

Optics measurements might not be streamed for interfaces of a PIC over JTI. PR1468435

•

FPC might be down when configuring vxlan-routing. PR1468736

•

On the EX3400, traffic loss is observed between SFP-T connected interfaces because of auto negotiation

•

failure. PR1469750

EX3400 is advertising only 100 Mbps when configured with 100-Mbps speed with auto negotiation

•

enabled. PR1471931

The shaping of CoS does not work after reboot. PR1472223

•

The RIPv2 packets forwarded across a Layer 2 circuit connection might be dropped. PR1473685

•

The dhcpd process might crash in a Junos fusion environment. PR1478375

•

TFTP installation from loader prompt might not succeed on the EX Series switches. PR1480348

•

ARP request packets for unknown hosts might get dropped in the remote PE device in an EVPN-VXLAN

•

scenario. PR1480776

On the EX2300 Series, the SNMP traps are not generated when MAC addresses when the limit is reached.

•

PR1482709

Infrastructure

The operations on the console might not work if the system ports console log-out-on-disconnect

•

configuration statement is configured. PR1433224

On the EX4300 Series, the CLI configuration on-disk-failure is not supported. PR1450093

•

Certain EX Series switches might panic and generate VM core files, leading to reboot. PR1456668

•

Error messages related to soft reset of ports due to queue buffers being stuck could be seen on EX4600

•

and EX4300 Virtual Chassis. PR1462106

Traffic drop is seen on an EX4300-48MP device that acts as a leaf node in a Layer 2 IP fabric

•

EVPN-VXLAN environment. PR1463318

Continuous dcpfe error messages and eventd process hog might be seen in an EX2300 Virtual Chassis

•

scenario. PR1474808

Interfaces and Chassis

On EX9200 devices, an unexpected duplicate VLAN-ID commit error might be seen. PR1430966

•

The VRRP IPv6 state might flap between init and idle states after VLAN tagging is configured. PR1445370

•

Traffic might be forwarded to wrong interfaces in an MC-LAG scenario. PR1465077

•

Executing commit might hang because of a stuck dcd process. PR1470622

•

J-Web

Some error messages might be seen when using J-Web. PR1446081

•

Junos Fusion for Enterprise

Reachability of the host connected to the satellite device might be affected in a Junos fusion for enterprise

•

environment with EX9200 Series switches as aggregation devices. PR1447873

Loop detection might not work on extended ports in a Junos fusion scenarios. PR1460209

•

Layer 2 Features

Ethernet ring protection switching (ERPS) nodes might not converge to the Idle state after failure recovery

•

or reboot. PR1431262

Physical layer and MAC/ARP learning might not work for copper base SFP-T transceivers on QFX5100,

•

QFX5110, and EX4600. PR1437577

The traffic leaving QFX5000 and EX4600 switches might not be properly load balanced over aggregated

•

Ethernet interfaces. PR1448488

The LLDP function might fail when a Juniper Networks device connects to a non-Juniper device.

•

PR1462171

An fxpc core file might be seen when committing the configuration all together. For example, after a

•

reboot PR1467763

Traffic might be affected if composite next hop is enabled. PR1474142

•

Layer 2 Ethernet Services

The DHCP decline packets are not forwarded to the DHCP server when forward-only is set within DHCP

•

reply. PR1429456

The jdhcpd_era log files constantly consume 121 MB of space out of 170 MB, resulting into a full file

•

system traffic impact. PR1431201

DHCP request might get dropped in a DHCP relay scenario. PR1435039

•

In EX9200 switches, DHCP relay is stripping the GIADDR field in messages toward the DHCP clients.

•

PR1443516

Platform and Infrastructure

LACP DDoS policer is incorrectly triggered by other protocol- traffic on all EX9200, T4000, and MX

•

Series platforms. PR1409626

On the EX4300-48MP running Junos OS Release 18.3R1.9, overtemperature SNMP trap is generated

•

wrongly for line card (EX4300-48P) based on master Routing Engine (EX4300-48MP) temperature threshold value. PR1419300

On the EX4300, the runt counter never increments. PR1419724

•

SNMP (ifHighSpeed) value does not appear properly only for VCP interfaces; , it appears as zero.

•

PR1425167

Packet drops, replication failure, or ksyncd crashes might be seen on the logical system of a device

•

running Junos OS after Routing Engine switchover. PR1427842

IPv6 traffic might be dropped when static /64 IPv6 routes are configured. PR1427866

•

EX4300 does not drop FCS frames with CRC error on xe- interfaces. PR1429865

•

Unicast ARP requests are not replied with the no-arp-trap option. PR1429964

•

EX4300 without soft error recovery (parity check, correction and memscan) enabled. PR1430079

•

The device might not be accessible after the upgrade. PR1435173

•

An FPC/pfex crash might be observed due to DMA buffer leaking. PR1436642

•

The /var/db/scripts directory might be deleted after the request system zeroize command is executed.

•

PR1436773

The laser TX might be enabled while the interface is disabled PR1445626

•

The PoE might not work after the PoE firmware on EX4300 switches is upgraded. PR1446915

•

The firewall filters might not be created due to TCAM issues. PR1447012

•

NSSU causes a traffic loss after the backup-to-master transitions. PR1448607

•

The Errors on certain MPCs are classified as major, which should be minor or non-fatal. PR1449427

•

The REST API process becomes nonresponsive when a number of requests come at a high rate.

•

PR1449987

The IRB traffic might drop after a mastership switchover. PR1453025

•

The traffic for some VLANs might not be forwarded when vlan-id-list is configured. PR1456879

•

The OSPF neighbor might go down when mDNS or PTP traffic is received at a rate higher than 1400

•

pps. PR1459210

ERP might not revert to the Idle state after reload or reboot of multiple switches. PR1461434

•

Traffic loss might be observed longer than 20 seconds when performing NSSU on EX4300 Virtual Chassis.

•

PR1461983

IGMP reports are dropped with mixed enterprise/SP configuration styles on EX4300 switches. PR1466075

•

The switch might not be able to learn MAC addresses with dot1x and interface-mac-limit configured.

•

PR1470424

On an EX4300, the input firewall filter attached to isolated or community VLANs is not matching dot1p

•

bits on the VLAN header. PR1478240

The Virtual Chassis VRRP peer drops packets to VRRP VIP after IRB is disabled. PR1491348

•

Routing Protocols

Host-destined packets with the filter log action might not reach the Routing Engine if log/syslog is

•

enabled. PR1379718

BGP IPv4 or IPv6 convergence and RIB might delete and then install the time degraded in Junos OS

•

Releases 19.1R1, 19.2R1, 19.3R1, and 19.4R1. PR1414121

The traffic with destination UDP port 520 (RIP) or 521 (RIPng) gets dropped on the QFX5000 and

•

EX4600 switches. PR1429543

The fxpc core file might be seen during the reboot of QFX5100 and EX4600 devices. PR1432023

•

The RPD_DYN_CFG_GET_PROF_NAME_FAILED: Get profile name for session XXX failed: -7 error

•

message might be seen in syslog after restarting the routing process. PR1439514

The bandwidth value of DDoS protection might cause packet loss after a device reboot. PR1440847

•

Traffic might be dropped after the Q-in-Q-enabled interface is flapped or a change is made to the

•

vlan-id-list configuration. PR1441402

IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. PR1443507

•

The routing protocol process (rpd) crashes while processing a specific BGP update information.

•

PR1448425

Junos OS BFD sessions with authentication flap after a certain time. PR1448649

•

Loopback address exported into other VRF instances might not work on ACX Series, EX Series, and QFX

•

Series. PR1449410

MPLS LDP might still use the stale MAC address of the neighbor even the LDP neighbor's MAC address

•

changes. PR1451217

The other querier present interval timer cannot be changed in the IGMP/MLD snooping scenario.

•

PR1461590

The MUX state in an LACP interface does not go to collecting and distributing and remains attached

•

after enabling the aggregated Ethernet interface. PR1484523

Receipt of certain genuine BGP packets from any BGP speaker causes rpd to crash. PR1497721

•

User Interface and Configuration

The switch might be unable to commit baseline configuration after zeroization. PR1426341

•

Problem with access to J-Web after update from Junos OS Release 18.2R2 to Junos OS Relesae 18.2R3.

•

PR1454150

The umount: unmount of /.mount/var/val/chroot/packages/mnt/jweb-ex32-d2cf6f6b failed: Device

•

busy message is seen when Junos OS is upgraded with the validate option. PR1478291

Virtual Chassis

The current MAC address might change when one of the multiple Layer 3 interfaces is being deleted.

•

PR1449206

VPNs

MVPN using PIM dense mode does not prune the OIF when PIM prune is received. PR1425876

•

Resolved Issues: 19.2R1

Authentication and Access Control

Without configuring anything related to dot1x, the syslog dot1xd[2192]: task_connect: task

•

PNACAUTH./var/run/authd_control addr /var/run/authd_control: Connection refused is generated repeatedly. PR1406965

EVPN

The device might proxy the ARP probe packets in an EVPN environment. PR1427109

•

ESI is configured on a single-homed 25G port might not work. PR1438227

•

General Routing

On EX4650 switches, convergence delay between PE1 and P router link is more than the expected delay

•

value. PR1364244

OAM Ethernet connectivity-fault-management configured on aggregated Ethernet interfaces is not

•

supported and no commit error is seen. PR1367588

IPv6 router advertisement (RA) messages potentially increase internal kernel memory usage. PR1369638

•

RIPv2 update packets might not be sent with IGMP snooping enabled. PR1375332

•

Input rate PPS does not increase on EX2300-MP uplink ports when the packet is a pure L2 packet like

•

non-etherII or non-EtherSnap. PR1389908

EX3400VC - When an interface in a Virtual Chassis member switch that is not master, is flapped, IGMP

•

query packets 224.0.0.1 are sent to all the ports of the members except the master FPC. PR1393405

PTP over Ethernet traffic might be dropped when IGMP and PTP TC are configured together. PR1395186

•

EX3400 might not learn 30,000 MAC addresses while sending MAC learning traffic. PR1399575

•

MAC-limit with persistent MAC is not working after reboot. PR1400507

•

After upgrading to Junos OS Release 18.1R3.3, adt7470_set_pwm output message is observed

•

continuously. PR1401709

The DHCP discover packets are forwarded out of an interface incorrectly when DHCP snooping is

•

configured on that interface. PR1403528

On EX4300-48MP devices, the packets drop when the traffic filter and the routing instance are configured.

•

PR1407424

The l2cpd might crash if the vstp traceoptions and vstp vlan all commands are configured. PR1407469

•

MAC address movement might not happen in flexible Ethernet services mode when family inet/inet6

•

and vlan-bridge are configured on the same physical interface. PR1408230

EX3400 PSU status is still taking "check" status even though PSU module has been removed. PR1408675

•

On EX2300-24P switches, error message dc-pfe: BRCM_NH-,brcm_nh_resolve_get_nexthop(),346:Failed

•

to find if family is seen. PR1410717

On EX Series devices, the PEM alarm for backup FPC remains on master FPC though the backup FPC

•

is detached from Virtual Chassis. PR1412429

On EX4300-48MP devices, the chassis status LED shows yellow instead of amber. PR1413194

•

The chassisd output power budget is received continually per 5 seconds without any alarm after an

•

upgrade to Junos OS Release 18.1R3. PR1414267

VXLAN encapsulation next hop (VENH) does not get installed during BGP flap or when routing is restarted.

•

PR1415450

On EX3400 switches, the show chassis environment repeats OK and Failed at short intervals. PR1417839

•

The EX3400 VC status might be unstable during the boot-up of the Virtual Chassis or after the Virtual

•

Chassis port flaps. PR1418490

Virtual Chassis might become unstable and FXPC crashes and generates a core file when there are a lot

•

of configured filter entries. PR1422132

On EX3400 auto-negotiation status shows incomplete on ge-0/2/0 using SFP-SX. PR1423469

•

On EX4600 line of switches, MACsec might not connect when the interface disconnects while traffic is

•

passing. PR1423597

I2C read errors are seen when an SFP-T is inserted into a disabled state port configured with set interface

•

<*> disable command. PR1423858

Incorrect model information while polling through SNMP from Virtual Chassis. PR1431135

•

Infrastructure

IfSpeed and IfHighSpeed erroneously reported as zero on EX2300. PR1326902

•

Packet Forwarding Engine is flooded with messages // pkt rx on physical interface NULL unit 0.

•

PR1381151

Interfaces and Chassis

Missing mandatory ICCP configuration statement redundancy-group-id-list produces misleading error

•

message. PR1402606

EVPN aggregated Ethernet interface flaps followed by a commit. PR1425339

•

Junos Fusion Enterprise

PoE over LLDP negotiation is not supported on Junos Fusion Enterprise setup. PR1366106

•

New satellite device cannot be added to the Fusion scenario. PR1374982

•

Cascade port might go down after SD reboot in Junos Fusion Enterprise environment. PR1382091

•

Cannot log in to SD cluster though it is recognized by AD properly. PR1395570

•

The l2ald might crash when clear ethernet-switching table persistent-learning command is issued.

•

PR1409403

Extended ports in Junos Fusion Enterprise do not adjust MTU when VoIP is enabled. PR1411179

•

The traffic might silently drop and get discarded in Junos Fusion Enterprise scenario with dual-AD.

•

PR1417139

Layer 2 Ethernet Services

The malfunction of core isolation feature in EVPN VXLAN scenarios might cause traffic to get silently

•

dropped and discarded. PR1417729

Network Management and Monitoring

Over temperature trap is not sent out even when there is a temperature-hot-alarm. PR1412161

•

Platform and Infrastructure

Ping does not go through the device after WTR timer expires in Ethernet ring protection switching (ERPS)

•

scenario. PR1132770

EX4300 upgrade fails during validation of SLAX script. PR1376750

•

Unicast DHCP request gets misforwarded to backup RTG link on EX4300 Virtual Chassis. PR1388211

•

EX4300 OAM LFM might not work on extended-vlan-bridge interface with native vlan configured.

•

PR1399864

Traffic drop is seen on EX4300 when 10-Gigabit fiber port is using 1-Gigabit Ethernet SFP optics with

•

auto-negotiation enabled. PR1405168

On EX4300, when power supply (PEM) is removed, alarm is not generated. PR1405262

•

The policer might not work when it is applied through the dynamic filter. PR1410973

•

The traffic to the NLB server might not be forwarded if the NLB cluster works on multicast mode.

•

PR1411549

EX4300 QinQ - untagged UNI traffic egress as single-tagged on NNI interface. PR1413700

•

Runt counter never incremented. PR1419724

•

EX4300 does not send fragmentation needed message when MTU is exceeded with DF bit set.

•

PR1419893

The pfex process might crash and core files might be generated when SFP is reinserted. PR1421257

•

Traffic might get silently dropped when one of logical interfaces on LAG is deactivated or deleted.

•

PR1422920

Auditd crashes when accounting RADIUS server is not reachable. PR1424030

•

The native VLAN ID of packets might fail when leaving out. PR1424174

•

Interface flapping scenario might lead to ECMP next-hop install failure on EX4300 switches. PR1426760

•

VIP might not forward the traffic if VRRP is configured on an aggregated Ethernet interface. PR1428124

•

EX4300 does not drop FCS frames on XE interfaces. PR1429865

•

The ERPS failover does not work as expected on EX4300 device. PR1432397

•

Routing Protocols

Host-destined packets with filter log action might reach the Routing Engine. PR1379718

•

The rpd crashes on static route configuration for multicast source. PR1408443

•

Host-generated ICMPv6 RA packets might be dropped on the backup member of Virtual Chassis if

•

igmp-snooping is configured. PR1413543

The EX Series switches might not install all IRB MAC addresses in the initialization. PR1416025

•

After restarting multicast-snooping process, igmp-snooping might not work. PR1420921

•

Software Installation and Upgrade

Configuration loss and traffic loss might be seen if backup Routing Engine is zeroized and is then switched

•

over to master within a short time. PR1389268

Subscriber Access Management

authd reuses address quickly before jdhcpd completely cleans up the old subscriber that gives the

•

following error log DH_SVC_DUPLICATE_IPADDR_ERR: Failed to add x.x.x.x as it is already used by xxx. PR1402653

On EX4300 /var showing full /var/log/dfcd_enc file grows in size. PR1425000

•

SEE ALSO

What’s New | 32

What’s Chnaged | 38

Known Behavior | 41

Open Issues | 43

Documentation Updates | 58

Migration, Upgrade, and Downgrade Instructions | 59

Documentation Updates

IN THIS SECTION

Installation and Upgrade | 58

This section lists the errata and changes in Junos OS Release 19.2R2 for the EX Series switches documentation.

Installation and Upgrade

Veriexec explained (EX Series)—Verified Exec (also known as veriexec) is a file-signing and verification

•

[See Veriexec Overview.]

SEE ALSO

What’s New | 32

What’s Chnaged | 38

Known Behavior | 41

Open Issues | 43

Resolved Issues | 46

Migration, Upgrade, and Downgrade Instructions | 59

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION

Upgrade and Downgrade Support Policy for Junos OS Releases | 59

This section contains the upgrade and downgrade support policy for Junos OS for the EX Series. Upgrading or downgrading Junos OS can take several hours, depending on the size and configuration of the network. For information about software installation and upgrade, see the Installation and Upgrade Guide.

Upgrade and Downgrade Support Policy for Junos OS Releases

Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from Junos OS Release 17.1 to Release 17.3.

For more information about EEOL releases and to review a list of EEOL releases, see

https://support.juniper.net/support/eol/software/junos/.

SEE ALSO

What’s New | 32

What’s Chnaged | 38

Known Behavior | 41

Open Issues | 43

Resolved Issues | 46

Documentation Updates | 58

Junos OS Release Notes for Junos Fusion Enterprise

IN THIS SECTION

New and Changed Features | 60

Changes in Behavior and Syntax | 61

Known Behavior | 61

Known Issues | 62

Resolved Issues | 63

Documentation Updates | 64

Migration, Upgrade, and Downgrade Instructions | 65

These release notes accompany Junos OS Release 19.2R2 for Junos Fusion Enterprise. Junos Fusion Enterprise is a Junos Fusion that uses EX9200 switches in the aggregation device role. These release notes describe new and changed features, limitations, and known problems in the hardware and software.

NOTE: For a complete list of all hardware and software requirements for a Junos Fusion

Enterprise, including which Juniper Networks devices can function as satellite devices, see

Understanding Junos Fusion Enterprise Software and Hardware Requirements.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

New and Changed Features

There are no new features or enhancements to existing features in Junos OS Release 19.2R2 for Junos fusion for enterprise.

NOTE: For more information about the Junos fusion for enterprise features, see the Junos Fusion

Enterprise User Guide.

SEE ALSO

Changes in Behavior and Syntax | 61

Known Behavior | 61

Known Issues | 62

Resolved Issues | 63

Documentation Updates | 64

Migration, Upgrade, and Downgrade Instructions | 65

Changes in Behavior and Syntax

There are no changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands in Junos OS Release 19.2R2 for Junos fusion for enterprise.

SEE ALSO

New and Changed Features | 60

Known Behavior | 61

Known Issues | 62

Resolved Issues | 63

Documentation Updates | 64

Migration, Upgrade, and Downgrade Instructions | 65

Known Behavior

There are no known behaviors, system maximums, and limitations in hardware and software in Junos OS Release 19.2R2 for Junos fusion for enterprise.

For the most complete and latest information about known Junos OS problems, use the Juniper Networks online Junos Problem Report Search application.

SEE ALSO

New and Changed Features | 60

Changes in Behavior and Syntax | 61

Known Issues | 62

Resolved Issues | 63

Documentation Updates | 64

Migration, Upgrade, and Downgrade Instructions | 65

Known Issues

IN THIS SECTION

Junos fusion for enterprise | 62

This section lists the known issues in hardware and software in Junos OS Release 19.2R2 for Junos fusion for enterprise.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Junos fusion for enterprise

On EX4300 when 10G fiber port is using 1G Ethernet SFP optics, auto-negotiation is enabled by default.

•

To bring up the satellite device, BCM recommends to disable the auto-negotiation for PHY84756 ports.

PR1420343

In Junos fusion for enterprise environment with EX2300-48P or EX2300-48T acting as satellite devices,

•

loop-detect feature does not work for ports 0-23, since the loop detect filter is not properly applied.

PR1426757

In a Junos fusion system, intermediate traffic drop might be seen between the aggregation and satellite

•

device when Sflow is enabled on the ingress interface. When Sflow is enabled, the original packet is

corrupted for those packets which hit the Sflow filter. This is because the packets egressing the aggregation device are short 4 bytes of FCS and 2 bytes of data. Normal data packets are 128 bytes (4 bytes for FCS, 14 bytes for Ethernet header, 20 bytes for IP header and 90 bytes for data). The corrupted packets are 122 bytes (14 bytes for Ethernet header, 20 bytes for IP header, and 88 bytes for data).

PR1450373

SEE ALSO

New and Changed Features | 60

Changes in Behavior and Syntax | 61

Known Behavior | 61

Resolved Issues | 63

Documentation Updates | 64

Migration, Upgrade, and Downgrade Instructions | 65

Resolved Issues

IN THIS SECTION

Resolved Issues: 19.2R2 | 63

Resolved Issues: 19.2R1 | 64

This section lists the issues fixed in the Junos OS main release and the maintenance releases.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 19.2R2

Reachability issue of the host connected to the satellite device might be affected in a Junos Fusion

•

Enterprise environment with EX9200 series devices as aggregation devices. PR1447873

Loop detection might not work on extended ports in Junos fusion scenarios. PR1460209

•

The dpd process might be generate a core file on satellite devices in a Junos fusion for enterprise setup.

•

PR1460607

In a Junos fusion service provider setup the EX4300 acting as a satellite device is triggering the

•

temperature sensor alarm on multiple satellite device modules connected to same aggregation device.

PR1466324

Resolved Issues: 19.2R1

PoE over LLDP negotiation is not supported on Junos Fusion Enterprise setup. PR1366106

•

New satellite device cannot be added to the Fusion scenario. PR1374982

•

Cascade port might go down after SD reboot in Junos Fusion Enterprise environment. PR1382091

•

Cannot login to SD cluster though it is recognized by AD properly. PR1395570

•

The l2ald might crash when clear ethernet-switching table persistent-learning command is issued.

•

PR1409403

Extended ports in JFE do not adjust MTU when VoIP is enabled. PR1411179

•

The traffic might silently drop and get discarded in Junos Fusion Enterprise scenario with dual-AD.

•

PR1417139

SEE ALSO

New and Changed Features | 60

Changes in Behavior and Syntax | 61

Known Behavior | 61

Known Issues | 62

Documentation Updates | 64

Migration, Upgrade, and Downgrade Instructions | 65

Documentation Updates

There are no errata or changes in Junos OS Release 19.2R2 for documentation for Junos fusion for enterprise.

SEE ALSO

New and Changed Features | 60

Changes in Behavior and Syntax | 61

Known Behavior | 61

Known Issues | 62

Resolved Issues | 63

Migration, Upgrade, and Downgrade Instructions | 65

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION

Basic Procedure for Upgrading Junos OS on an Aggregation Device | 65

Upgrading an Aggregation Device with Redundant Routing Engines | 67

Preparing the Switch for Satellite Device Conversion | 68

Converting a Satellite Device to a Standalone Switch | 69

Upgrade and Downgrade Support Policy for Junos OS Releases | 69

Downgrading from Junos OS | 70

This section contains the procedure to upgrade or downgrade Junos OS and satellite software for a Junos fusion for enterprise. Upgrading or downgrading Junos OS and satellite software might take several hours, depending on the size and configuration of the Junos fusion for enterprise topology.

Basic Procedure for Upgrading Junos OS on an Aggregation Device

When upgrading or downgrading Junos OS for an aggregation device, always use the junos-install package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the junos-install package and details of the installation process, see the Installation and Upgrade Guide.

NOTE: Before upgrading, back up the file system and the currently active Junos OS configuration

so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

user@host> request system snapshot

The installation process rebuilds the file system and completely reinstalls Junos OS. Configuration information from the previous software installation is retained, but the contents of log files might be erased. Stored files on the routing platform, such as configuration templates and shell scripts (the only exceptions are the juniper.conf and ssh files), might be removed. To preserve the stored files, copy them to another system before upgrading or downgrading the routing platform. See the Junos OS Administration Library.

To download and install Junos OS:

1. Using a Web browser, navigate to the Download Software URL on the Juniper Networks webpage:

https://www.juniper.net/support/downloads/

2. Log in to the Juniper Networks authentication system using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.

3. Select By Technology > Junos Platform > Junos Fusion to find the software that you want to download.

4. Select the release number (the number of the software version that you want to download) from the Version drop-down list on the right of the page.

5. Select the Software tab.

6. Select the software package for the release.

7. Review and accept the End User License Agreement.

8. Download the software to a local host.

9. Copy the software to the routing platform or to your internal software distribution site.

10. Install the new junos-install package on the aggregation device.

NOTE: We recommend that you upgrade all software packages out of band using the console

because in-band connections are lost during the upgrade process.

Customers in the United States and Canada, use the following commands:

user@host> request system software add validate reboot source/package-name.tgz

All other customers, use the following commands, where n is the spin number.

user@host> request system software add validate reboot source/package-name-limited.tgz

Replace source with one of the following values:

/pathname—For a software package that is installed from a local directory on the router.

•

For software packages that are downloaded and installed from a remote location:

•

ftp://hostname/pathname

•

http://hostname/pathname

•

scp://hostname/pathname (available only for Canada and U.S. version)

•

The validate option validates the software package against the current configuration as a prerequisite to adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is a different release.

Adding the reboot command reboots the router after the upgrade is validated and installed. When the reboot is complete, the router displays the login prompt. The loading process might take 5 to 10 minutes.

Rebooting occurs only if the upgrade is successful.

Upgrading an Aggregation Device with Redundant Routing Engines

If the aggregation device has two Routing Engines, perform a Junos OS installation on each Routing Engine separately to minimize disrupting network operations as follows:

1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine and save the configuration change to both Routing Engines.

2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Preparing the Switch for Satellite Device Conversion

There are multiple methods to upgrade or downgrade satellite software in your Junos fusion for enterprise. See Configuring or Expanding a Junos Fusion Enterprise.

For satellite device hardware and software requirements, see Understanding Junos Fusion Enterprise

Software and Hardware Requirements.

Use the following command to install Junos OS on a switch before converting it into a satellite device:

user@host> request system software add validate reboot source/package-name

NOTE: The following conditions must be met before a Junos switch that is running Junos OS

Release 14.1X53-D43 can be converted to a satellite device when the action is initiated from the aggregation device:

The switch running Junos OS can be converted only to SNOS 3.1 and later.

•

Either the switch must be set to factory-default configuration by using the request system

•

zeroize command, or the following command must be included in the configuration: set chassis auto-satellite-conversion.

When the interim installation has completed and the switch is running a version of Junos OS that is compatible with satellite device conversion, perform the following steps:

1. Log in to the device using the console port.

2. Clear the device:

[edit] user@satellite-device# request system zeroize

NOTE: The device reboots to complete the procedure for resetting the device.

If you are not logged in to the device using the console port connection, your connection to the device is lost after you enter the request system zeroize command.

If you lose connection to the device, log in using the console port.

3. (EX4300 switches only) After the reboot is complete, convert the built-in 40-Gbps QSFP+ interfaces from Virtual Chassis ports (VCPs) into network ports:

user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port port-number

For example, to convert all four built-in 40-Gbps QSFP+ interfaces on an EX4300-24P switch into network ports:

user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 0 user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 1 user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 2 user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port 3

This step is required for the 40-Gbps QSFP+ interfaces that will be used as uplink interfaces in a Junos Fusion topology. Built-in 40-Gbps QSFP+ interfaces on EX4300 switches are configured into VCPs by default, and the default settings are restored after the device is reset.

After this initial preparation, you can use one of three methods to convert your switches into satellite devices—autoconversion, manual conversion, or preconfiguration. See Configuring or Expanding a Junos

Fusion Enterprise for detailed configuration steps for each method.

Converting a Satellite Device to a Standalone Switch

If you need to convert a satellite device to a standalone device, you must install a new Junos OS software package on the satellite device and remove it from the Junos Fusion topology. For more information, see

Converting a Satellite Device to a Standalone Device.

Upgrade and Downgrade Support Policy for Junos OS Releases

17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from

Junos OS Release 17.1 to Release 17.3.

For more information about EEOL releases and to review a list of EEOL releases, see

https://www.juniper.net/support/eol/junos.html

Downgrading from Junos OS

Junos fusion for enterprise is first supported in Junos OS Release 16.1, although you can downgrade a standalone EX9200 switch to earlier Junos OS releases.

NOTE: You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

To downgrade a Junos fusion for enterprise from Junos OS Release 19.2R1, follow the procedure for upgrading, but replace the 19.2 junos-install package with one that corresponds to the appropriate release.

SEE ALSO

New and Changed Features | 60

Changes in Behavior and Syntax | 61

Known Behavior | 61

Known Issues | 62

Resolved Issues | 63

Documentation Updates | 64

Junos OS Release Notes for Junos Fusion Provider Edge

IN THIS SECTION

What's New | 71

What’s Changed | 72

Known Limitations | 73

Open Issues | 73

Resolved Issues | 74

Documentation Updates | 75

Migration, Upgrade, and Downgrade Instructions | 76

These release notes accompany Junos OS Release 19.2R2 for the Junos Fusion Provider Edge. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What's New

IN THIS SECTION

What’s New in Release 19.2R2 | 72

What’s New in Release 19.2R1 | 72

Learn about new features introduced in the main and maintenance releases for Junos Fusion Provider Edge.

What’s New in Release 19.2R2

There are no new features or enhancements to existing features for Junos Fusion Provider Edge in Junos

•

OS Release 19.2R2.

What’s New in Release 19.2R1

Spanning-Tree Protocols

Support for Multiple Spanning Tree Protocol (MSTP) (Junos Provider Edge)—Starting with Junos OS

•

Release 19.2R1, you can configure MSTP on MX480 devices. MSTP scales better than other types of spanning-tree protocols and enables load balancing.

[See Configuring MSTP Protocol.]

SEE ALSO

What’s Changed | 72

Known Limitations | 73

Open Issues | 73

Resolved Issues | 74

Documentation Updates | 75

Migration, Upgrade, and Downgrade Instructions | 76

What’s Changed

There are no changes in the behavior of Junos OS features or in the syntax of Junos OS statements and commands in Junos OS Release 19.2R2 for Junos Fusion Provider Edge.

SEE ALSO

What's New | 71

Known Limitations | 73

Open Issues | 73

Resolved Issues | 74

Documentation Updates | 75

Migration, Upgrade, and Downgrade Instructions | 76

Known Limitations

There are no known behaviors, system maximums, or limitations in hardware and software in Junos OS Release 19.2R2 for Junos Fusion Provider Edge.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

SEE ALSO

What's New | 71

What’s Changed | 72

Open Issues | 73

Resolved Issues | 74

Documentation Updates | 75

Migration, Upgrade, and Downgrade Instructions | 76

Open Issues

IN THIS SECTION

Junos Fusion Provider Edge | 74

Learn about open issues in this release for Junos Fusion Provider Edge.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Junos Fusion Provider Edge

In a Junos fusion system, intermediate traffic drop might be seen between the aggregation and satellite

•

device when Sflow is enabled on the ingress interface. When Sflow is enabled, the original packet is corrupted for those packets which hit the Sflow filter. This is because the packets egressing the aggregation device are short 4 bytes of FCS and 2 bytes of data. Normal data packets are 128 bytes (4 bytes for FCS, 14 bytes for Ethernet header, 20 bytes for IP header and 90 bytes for data). The corrupted packets are 122 bytes (14 bytes for Ethernet header, 20 bytes for IP header, and 88 bytes for data).

PR1450373

SEE ALSO

What's New | 71

What’s Changed | 72

Known Limitations | 73

Resolved Issues | 74

Documentation Updates | 75

Migration, Upgrade, and Downgrade Instructions | 76

Resolved Issues

IN THIS SECTION

Resolved Issues: 19.2R2 | 75

Resolved Issues: 19.2R1 | 75

Learn which issues were resolved in Junos OS main and maintenance releases for Junos Fusion Enterprise.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 19.2R2

Junos Fusion Satellite Software

The dpd crash might be observed on satellite devices in Junos Fusion Enterprise. PR1460607

•

Temperature sensor alarm is seen on EX4300 in Junos Fusion scenario. PR1466324

•

Resolved Issues: 19.2R1

Junos Fusion Provider Edge

The sdpd process might continuously crash if there are more than 12 cascade-ports configured to a

•

satellite device. PR1437387

The aggregated Ethernet interface might flap whenever a new logical interface is added to it. PR1441869

•

If a default shaper is applied to a cascade interface of an aggregation device (AD), the displayed value

•

of "Guaranteed rate" is greater than the value of "Shaping rate" in the output of the show class-of-service scheduler-hierarchy interface command. PR1415502

Auto-negotiation is not disabled in the hardware after the no-auto-negotiation option is set using the

•

CLI. PR1411852

Junos Fusion Satellite Software

Extended Port (EP) LAG might go down on the Satellite Devices (SDs) if the related Cascade Port (CP)

•

links to an Aggregation Device (AD) goes down. PR1397992

SEE ALSO

What's New | 71

What’s Changed | 72

Known Limitations | 73

Open Issues | 73

Documentation Updates | 75

Migration, Upgrade, and Downgrade Instructions | 76

Documentation Updates

There are no errata or changes in Junos OS Release 19.2R2 documentation for Junos Fusion Provider Edge.

SEE ALSO

What's New | 71

What’s Changed | 72

Known Limitations | 73

Open Issues | 73

Resolved Issues | 74

Migration, Upgrade, and Downgrade Instructions | 76

Migration, Upgrade, and Downgrade Instructions

IN THIS SECTION

Basic Procedure for Upgrading an Aggregation Device | 76

Upgrading an Aggregation Device with Redundant Routing Engines | 79

Preparing the Switch for Satellite Device Conversion | 79

Converting a Satellite Device to a Standalone Device | 81

Upgrading an Aggregation Device | 83

Upgrade and Downgrade Support Policy for Junos OS Releases | 84

Downgrading from Junos OS Release 19.2 | 84

This section contains the procedure to upgrade Junos OS, and the upgrade and downgrade policies for Junos OS for Junos Fusion Provider Edge. Upgrading or downgrading Junos OS might take several hours, depending on the size and configuration of the network.

Basic Procedure for Upgrading an Aggregation Device

When upgrading or downgrading Junos OS, always use the jinstall package. Use other packages (such as the jbundle package) only when so instructed by a Juniper Networks support representative. For information about the contents of the jinstall package and details of the installation process, see the Installation and

Upgrade Guide.

NOTE: Before upgrading, back up the file system and the currently active Junos OS configuration

so that you can recover to a known, stable environment in case the upgrade is unsuccessful. Issue the following command:

user@host> request system snapshot

The download and installation process for Junos OS Release 19.2R2 is different from that for earlier Junos OS releases.

1. Using a Web browser, navigate to the Download Software URL on the Juniper Networks webpage:

https://www.juniper.net/support/downloads/

2. Log in to the Juniper Networks authentication system by using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.

3. Select By Technology > Junos Platform > Junos Fusion to find the software that you want to download.

4. Select the release number (the number of the software version that you want to download) from the Version drop-down list to the right of the page.

5. Select the Software tab.

6. Select the software package for the release.

7. Review and accept the End User License Agreement.

8. Download the software to a local host.

9. Copy the software to the routing platform or to your internal software distribution site.

10. Install the new jinstall package on the aggregation device.

NOTE: We recommend that you upgrade all software packages out-of-band using the console,

because in-band connections are lost during the upgrade process.

Customers in the United States and Canada, use the following commands.

For 64-bit software:

•

NOTE: We recommend that you use 64-bit Junos OS software when implementing Junos

Fusion Provider Edge.

user@host> request system software add validate reboot

source/jinstall64-19.2R2.SPIN-domestic-signed.tgz

For 32-bit software:

•

user@host> request system software add validate reboot

source/jinstall-19.2R2.SPIN-domestic-signed.tgz

All other customers, use the following commands.

For 64-bit software:

•

NOTE: We recommend that you use 64-bit Junos OS software when implementing Junos

Fusion Provider Edge.

user@host> request system software add validate reboot

source/jinstall64-19.2R2.SPIN-export-signed.tgz

For 32-bit software:

•

user@host> request system software add validate reboot

source/jinstall-19.2R2.SPIN-export-signed.tgz

Replace source with one of the following values:

/pathname—For a software package that is installed from a local directory on the router.

•

For software packages that are downloaded and installed from a remote location:

•

ftp://hostname/pathname

•

http://hostname/pathname

•

scp://hostname/pathname (available only for the Canada and U.S. version)

•

The validate option validates the software package against the current configuration as a prerequisite for adding the software package to ensure that the router reboots successfully. This is the default behavior when the software package being added is for a different release.

Rebooting occurs only if the upgrade is successful.

NOTE: After you install a Junos OS Release 19.2R2 jinstall package, you cannot return to the

previously installed software by issuing the request system software rollback command. Instead, you must issue the request system software add validate command and specify the jinstall package that corresponds to the previously installed software.

Upgrading an Aggregation Device with Redundant Routing Engines

If the aggregation device has two Routing Engines, perform a Junos OS installation on each Routing Engine separately as follows to minimize disrupting network operations:

1. Disable graceful Routing Engine switchover (GRES) on the master Routing Engine and save the configuration change to both Routing Engines.

2. Install the new Junos OS release on the backup Routing Engine while keeping the currently running software version on the master Routing Engine.

3. After making sure that the new software version is running correctly on the backup Routing Engine, switch over to the backup Routing Engine to activate the new software.

4. Install the new software on the original master Routing Engine that is now active as the backup Routing Engine.

For the detailed procedure, see the Installation and Upgrade Guide.

Preparing the Switch for Satellite Device Conversion

Satellite devices in a Junos Fusion topology use a satellite software package that is different from the standard Junos OS software package. Before you can install the satellite software package on a satellite

device, you first need to upgrade the target satellite device to an interim Junos OS software version that can be converted to satellite software. For satellite device hardware and software requirements, see

Understanding Junos Fusion Software and Hardware Requirements

NOTE: The following conditions must be met before a standalone switch that is running Junos

OS Release 14.1X53-D43 can be converted to a satellite device when the action is initiated from the aggregation device:

The switch can be converted to only SNOS 3.1 and later.

•

Either the switch must be set to factory-default configuration by using the request system

•

zeroize command, or the following command must be included in the configuration: set chassis auto-satellite-conversion.

Customers with EX4300 switches, use the following command:

user@host> request system software add validate reboot

source/jinstall-ex-4300-14.1X53-D43.3-domestic-signed.tgz

Customers with QFX5100 switches, use the following command:

user@host> request system software add reboot

source/jinstall-qfx-5-14.1X53-D43.3-domestic-signed.tgz

When the interim installation has completed and the switch is running a version of Junos and OS on one line that is compatible with satellite device conversion, perform the following steps:

1. Log in to the device by using the console port.

2. Clear the device:

[edit] user@satellite-device# request system zeroize

NOTE: The device reboots to complete the procedure for resetting the device.

If you are not logged in to the device by using the console port connection, your connection to the device is lost after you enter the request system zeroize command.

If you lose your connection to the device, log in using the console port.

3. (EX4300 switches only) After the reboot is complete, convert the built-in 40-Gbps QSFP+ interfaces from Virtual Chassis ports (VCPs) into network ports:

user@satellite-device> request virtual-chassis vc-port delete pic-slot 1 port port-number

For example, to convert all four built-in 40-Gbps QSFP+ interfaces on an EX4300-24P switch into network ports:

After this initial preparation, you can use one of three methods to convert your switches into satellite devices—autoconversion, manual conversion, and preconfiguration. See Configuring Junos Fusion Provider

Edge for detailed configuration steps for each method.

Converting a Satellite Device to a Standalone Device

If you need to convert a satellite device to a standalone device, you must install a new Junos OS software package on the satellite device and remove the satellite device from the Junos Fusion topology.

NOTE: If the satellite device is a QFX5100 switch, you need to install a PXE version of Junos

OS. The PXE version of Junos OS is software that includes pxe in the Junos OS package name when it is downloaded from the Software Center—for example, the PXE image for Junos OS Release 14.1X53-D43 is named install-media-pxe-qfx-5-14.1X53-D43.3-signed.tgz . If the satellite device is an EX4300 switch, you install a standard jinstall-ex-4300 version of Junos OS.

The following steps explain how to download software, remove the satellite device from Junos Fusion, and install the Junos OS software image on the satellite device so that the device can operate as a standalone device.

1. Using a Web browser, navigate to the Junos OS software download URL on the Juniper Networks webpage:

https://www.juniper.net/support/downloads

2. Log in to the Juniper Networks authentication system by using the username (generally your e-mail address) and password supplied by Juniper Networks representatives.

3. Select By Technology > Junos Platform > Junos Fusion from the drop-down list and select the switch platform series and model for your satellite device.

4. Select the Junos OS Release 14.1X53-D30 software image for your platform.

5. Review and accept the End User License Agreement.

6. Download the software to a local host.

7. Copy the software to the routing platform or to your internal software distribution site.

8. Remove the satellite device from the automatic satellite conversion configuration.

If automatic satellite conversion is enabled for the satellite device’s member number, remove the member number from the automatic satellite conversion configuration. The satellite device’s member number is the same as the FPC slot ID.

[edit] user@aggregation-device# delete chassis satellite-management auto-satellite-conversion

satellite member-number

For example, to remove member number 101 from Junos Fusion:

[edit] user@aggregation-device# delete chassis satellite-management auto-satellite-conversion

satellite 101

You can check the automatic satellite conversion configuration by entering the show command at the [edit chassis satellite-management auto-satellite-conversion] hierarchy level.

9. Commit the configuration.

To commit the configuration to both Routing Engines:

[edit] user@aggregation-device# commit synchronize

Otherwise, commit the configuration to a single Routing Engine:

[edit] user@aggregation-device# commit

10. Install the Junos OS software on the satellite device to convert the device to a standalone device.

[edit] user@aggregation-device> request chassis satellite install URL-to-software-package fpc-slot

member-number

For example, to install a PXE software package stored in the /var/tmp directory on the aggregation device onto a QFX5100 switch acting as the satellite device using FPC slot 101:

[edit] user@aggregation-device> request chassis satellite install

/var/tmp/install-media-pxe-qfx-5-14.1X53-D43.3-signed.tgz fpc-slot 101

For example, to install a software package stored in the var/tmp directory on the aggregation device onto an EX4300 switch acting as the satellite device using FPC slot 101:

[edit] user@aggregation-device> request chassis satellite install

/var/tmp/jinstall-ex-4300-14.1X53-D30.3-domestic-signed.tgz fpc-slot 101

The satellite device stops participating in the Junos Fusion topology after the software installation starts. The software upgrade starts after this command is entered.

11. Wait for the reboot that accompanies the software installation to complete.

12. When you are prompted to log back into your device, uncable the device from the Junos Fusion topology. See Removing a Transceiver from a QFX Series Device or Remove a Transceiver, as needed. Your device has been removed from Junos Fusion.

NOTE: The device uses a factory-default configuration after the Junos OS installation is

complete.

Upgrading an Aggregation Device

When you upgrade an aggregation device to Junos OS Release 19.2R1, you must also upgrade your satellite device to Satellite Device Software version 3.1R1.

Upgrade and Downgrade Support Policy for Junos OS Releases

17.2, and 17.3 are EEOL releases. You can upgrade from Junos OS Release 17.1 to Release 17.2 or from

Junos OS Release 17.1 to Release 17.3.

For more information about EEOL releases and to review a list of EEOL releases, see

https://www.juniper.net/support/eol/junos.html.

Downgrading from Junos OS Release 19.2

To downgrade from Release 19.2 to another supported release, follow the procedure for upgrading, but replace the 19.2 jinstall package with one that corresponds to the appropriate release.

NOTE: You cannot downgrade more than three releases.

For more information, see the Installation and Upgrade Guide.

SEE ALSO

What's New | 71

What’s Changed | 72

Known Limitations | 73

Open Issues | 73

Resolved Issues | 74

Documentation Updates | 75

Junos OS Release Notes for MX Series 5G Universal Routing Platform

IN THIS SECTION

What’s New | 85

What's Changed | 106

Known Limitations | 113

Open Issues | 117

Resolved Issues | 129

Documentation Updates | 174

Migration, Upgrade, and Downgrade Instructions | 176

These release notes accompany Junos OS Release 19.2R2 for the MX Series. They describe new and changed features, limitations, and known and resolved problems in the hardware and software.

You can also find these release notes on the Juniper Networks Junos OS Documentation webpage, located at https://www.juniper.net/documentation/product/en_US/junos-os.

What’s New

IN THIS SECTION

What’s New in 19.2R2 | 86

What’s New in 19.2R1-S4 | 86

What’s New in 19.2R1-S1 | 87

What’s New in 19.2R1 | 88

Learn about new features introduced in the Junos OS main and maintenance releases for MX Series.

What’s New in 19.2R2

Junos OS XML, API, and Scripting

Support for 64-bit architecture added for use of management interface in a nondefault routing instance

•

in op scripts and JET applications (MX Series)—Junos OS Release 19.2R2 supports 64-bit architecture Junos OS operating scripts (op scripts) and on-box JET applications can now use the function set_routing_instance() to program the protocol software (TCP/UDP) to use a nondefault routing instance instead of the default management routing interface.

[See set_routing_instance() Function (Python).]

Network Management and Monitoring

Implement new MIBs using telemetry-based model (MX Series)—Starting in Junos OS Release 19.2R2,

•

new MIBs mplsMldpInterfaceStatsEntry and mplsMldpFecUpstreamSessTable are introduced. The Routing Engine uses a telemetry-based approach to collect statistics to provide MIB data for these MIBs. A new statement, sensor-based-stats at the [edit protocols ldp traffic-statistics] hierarchy level, enables telemetry-based collection. You must configure this statement to enable MIB data collection for mplsMldpInterfaceStatsEntry and mplsMldpFecUpstreamSessTable.

Routing Protocols

Option to pause BGP multipath computation during BGP peering churn (MX Series, PTX Series, and

•

QFX Series)—Starting in Junos OS Release 19.2R2, you can choose to defer multipath computation for all families during a BGP peering churn. In very large-scale network deployments during BGP peering churn there is a temporary spike in multipath computation, which takes a toll on the Packet Forwarding Engine resources. This feature allows you to pause the multipath computation and to resume after the peering churn settles down. Note that if there is no BGP peering churn, then multipath computation is not paused.

To enable the pause option for BGP multipath computation during BGP peering churn, include the pause computation statement at the [edit protocols BGP multipath] hierarchy level.

Subscriber Management and Services

CoA messages support Session-Timeout attribute (MX Series)—Starting in Junos OS Release 19.2R2,

•

you can apply a session timeout for subscriber sessions with a RADIUS CoA message that includes the Session-Timeout attribute (27). This capability is useful, for example, when subscribers purchase Internet access for a specific period of time and must log out when the session expires. In earlier releases, the router does not recognize the attribute if it is included in a CoA message.

[See Understanding Session Options for Subscriber Access.]

What’s New in 19.2R1-S4

Interfaces and Chassis

Support for 1-Gbps speed on QFX-60S line card on PTX10008 and PTX10016 Routers—Starting in

•

Junos OS Release 19.2R1-S4, QFX10000-60S-6Q line card supports 1-Gbps speed on its ports (0 through

59). The QFX10000-60S-6Q line card contains 60 SFP+ ports that support 10-Gbps, two dual-speed QSFP28 ports that support either 40-Gbps or 100-Gbps, and four QSFP+ ports that support 40-Gbps. You can individually configure ports 0 to 59 for 10-Gbps or 1-Gbps port speed. Use the set chassis fpc fps-slot-number pic pic-number port port-number speed 1G command to change the mode of a port from 10-Gbps to 1-Gbps. The transceivers supported for 1-Gbps are QFX-SFP-1GE-LX, QFX-SFP-1GE-SX, and QFX-SFP-1GE-T.

[See QFX10000 Line Cards for details on the combination of modes supported on the ports.]

Services Applications

Support for Two-Way Active Measurement Protocol (TWAMP) and hardware timestamping of RPM

•

probe messages (MX10000 and PTX10000 routers)—Starting in Release 19.2R1-S4, Junos OS supports TWAMP and hardware timestamping of RPM probe messages on the MX10008, MX10016, PTX10008 and PTX10016 routers. You can use TWAMP to measure IP performance between two devices in a network. By enabling hardware timestamping of RPM you can account for the latency in the communication of probe messages and also generate more accurate timers in the Packet Forwarding Engine.

[See Understanding Two-Way Active Measurement Protocol on Routers and Understanding Using

Probes for Real-Time Performance Monitoring on M, T, PTX and MX Series Routers.]

What’s New in 19.2R1-S1

MPLS

Distributed CSPF for segment routing LSPs (MX Series)—Starting in Junos OS Release 19.2R1-S1, you

•

can compute a segment routing LSP locally on the ingress device according to the constraints you have configured. With this feature, the LSPs are optimized based on the configured constraints and metric type. The LSPs are computed to utilize the available ECMP paths to the destination.

Prior to Junos OS Release 19.2R1-S1, for traffic engineering of segment routing paths, you could either explicitly configure static paths, or use computed paths from an external controller.

[See Enabling Distributed CSPF for Segment Routing LSPs.]

Color-based mapping of VPN services over SRTE (MX Series)—Starting in Junos OS Release 19.2R1-S1,

•

you can specify a color attribute along with an IP protocol next hop to resolve transport tunnels over static colored and BGP segment routing traffic-engineered (SRTE) label-switched paths (LSPs). This is called the color-IP protocol next hop resolution, where you are required to configure a resolution-map and apply it to the VPN services. Prior to this release, the VPN services were resolved over IP protocol next hops only.

With this feature, you can enable color-based traffic steering of Layer 2 and Layer 3 VPN services.

[See Color-Based Mapping of VPN Services Overview.]

Routing Protocols

Decouple RSVP for IGP-TE (MX Series, PTX Series, ACX Series, QFX Series, SRX Series, and EX

•

What’s New in 19.2R1

Hardware

New fixed-configuration Modular Port Concentrator (MX240, MX480, and MX960)—Starting in Junos

•

OS Release 19.2R1, the MPC10E-10C-MRATE is a new Modular Port Concentrator (MPC) that is supported on the MX240, MX480, and MX960 routers.

The MPC10E-10C-MRATE features the following:

Line-rate throughput of up to 1.0 Tbps when installed with an enhanced midplane and 800 Gbps when

•

installed with a standard midplane.

Eight QSFP28 ports—Port numbers 0/0 through 0/3 and 1/0 through 1/3. The ports can be configured

•

as 10-Gbps, 40-Gbps, or 100-Gbps Ethernet ports.

Two QSFP56-DD ports—Port numbers 0/4 and 1/4. The ports can be configured as 10-Gps, 40-Gps,

•

100-Gbps Ethernet ports.

[See MX Series 5G Universal Routing Platform Interface Module Reference.]

MX10016 Universal Routing Platform—The MX10016 router provides 10-Gigabit Ethernet, 40-Gigabit

•

Ethernet, and 100-Gigabit Ethernet modular solutions that support up to 2.4 Tbps per slot. The MX10016 router provides redundancy and resiliency. All major hardware components including the power system, the cooling system, the control board and the switch fabrics are fully redundant. MX10016 enables cloud and data center operators to transition from 10-Gigabit Ethernet and 40-Gigabit Ethernet networks to 100-Gigabit Ethernet high-performance networks. The 21 rack unit (21 U) modular chassis can provide

38.4 Tbps of throughput. The MX10016 router has 16 slots for the line cards that can support a maximum of 1536 10-Gigabit Ethernet ports, 384 40-Gigabit Ethernet ports, or 384 100-Gigabit Ethernet ports.

You can deploy the MX10016 router in an IP edge network using an MX10K-LC2101 line card (ordering model number is JNP10K-LC2101).

[See MX10016 Hardware Guide.]

Advanced Cooling and Power Components (MX10008 Routers)—Starting in Junos OS Release 19.2R1,

•

MX10008 routers offer 5.5 KW power supplies, new high performance fan tray, and compatible fan tray controller. The JNP10K-PWR-AC2 power supply supports AC, high-voltage alternating current (HVAC), DC, or high-voltage direct current (HVDC). The JNP10K-PWR-DC2 provides a 5.5 KW upgrade for DC users. The JNP10008-FAN2 offers increased air flow through the chassis. The JNP10008-FAN2 offers 1793 cubic feet per minute (CFM) per fan tray. The new fan tray controller, JNP10008-FTC2 supports the new fan tray.

[See MX10008 Hardware Guide.]

Authentication, Authorization and Accounting (AAA) (RADIUS)

Option to enable and disable SCP per user level independent of SSH (MX Series)—Starting in Junos OS

•

19.2R1, you can enable and disable SCP for a certain login class user independent of SSH. By defualt, SCP is not allowed for users added to the system defined classes read-only, operator and unauthorized and is only allowed to the system defined class super-user. SCP is allowed for any login class user belonging to a user defined class. You can deny SCP request for a user assigned to a user defined class by using the no-scp-server configuration statement. Prior to 19.2R1, SCP was enabled and disabled when SSH was enabled and disabled.

To disable SCP for a certain login class, use set no-scp-server at the [edit system login class <class_name>] hierarchy level.

[See no-scp-server.]

Option to enable and disable SFTP per user level (MX Series)—Starting in Junos OS 19.2R1, you can

•

enable and disable SFTP for a certain login class user. By defualt, SFTP is not allowed for users added to the system defined classes read-only, operator and unauthorized and is only allowed to the system defined class super-user if SFTP is enabled globally. For a user assigned to a user defined class, by default SFTP requests are allowed if set system services ssh sftp-server is configured. You can now deny SFTP requests for a user assigned to a user defined class by using the no-sftp-server configuration statement.

To disable SFTP for a certain login class, use set no-sftp-server at the [edit system login class <class_name>] hierarchy level.

[See no-sftp-server.]

EVPN

Support for BFD, BGP, IS-IS, and OSPF on IRB interfaces in EVPN-MPLS networks (MX Series and

•

vMX)—Starting with Junos OS Release 19.2R1, you can configure Bidirectional Forwarding Detection (BFD), BGP, IS-IS, and OSPF routing protocols on the IRB interface in an EVPN-MPLS network to route and forward EVPN traffic. This feature supports single-homed, single-active, and all-active multihomed networks.

[See EVPN with IRB Solution Overview.]

EVPN support of VLAN ID ranges and lists in service provider style interface configurations (MX Series

•

routers, and vMX virtual routers)—Starting in Junos OS Release 19.2R1, EX9200 switches, ACX5448 and MX Series routers, and vMX virtual routers support the use of VLAN ID ranges and lists in a service provider style interface configuration, which must be referenced in an EVPN routing instance. This configuration is supported with the following EVPN environments, services, and features:

Environments:

•

EVPN with VXLAN encapsulation

•

EVPN with MPLS encapsulation

•

VLAN bundle service:

•

E-LAN

•

E-Tree

•

E-Line

•

Feature:

•

EVPN multihoming:

•

All-active

•

Single-active

•

Singlehoming

•

[See VLAN ID Ranges and Lists in an EVPN Environment.]

Connectivity fault management support in EVPN-VPWS (MX Series)—Starting with Junos OS Release

•

19.2R1, you can configure Up maintenance association end points (MEPs) and maintenance association intermediate point (MIPs) on attachment circuits in support of connectivity fault management (CFM) in EVPN-VPWS networks. With the MEPs, you can monitor connectivity between two points on the EVPN-VPWS network. Junos OS supports the continuity check messages (CCM), loopback and link trace messages (LTMs) as defined in IEEE 802.1AG CFM, and delay measurements (DM) and synthetic loss measurements (SLMs) as defined in Y.1731 on a single-active homing network.

[See Connectivity Fault Management Support for EVPN and Layer 2 VPN Overview.]

Support for control word in EVPN-VPWS (MX Series and vMX) —Starting with Junos OS Release 19.2R1,

•

[See Control Word for EVPN-VPWS.]

Forwarding and Sampling

Support for local preference when selecting forwarding next-hops for ECMP traffic (MX Series)—Starting

•

in Junos OS Release 19.2R1, you can have equal cost multi-path (ECMP) traffic flows prefer local forwarding next-hops over remote ones. This feature supports BGP prefixes that are directly reachable with IPv4 MPLS ECMP next-hops. Use ecmp-local-bias to direct ECMP traffic towards local links, for example, to ensure that the overall load on the fabric is reduced. [See ecmp-local-bias for usage details.]

High Availability (HA) and Resiliency

ISSU suport for MX2008 (MX Series)—Starting in Junos OS Release 19.2R1, MX2008 routers support

•

ISSU.

[See Understanding In-Service Software Upgrade (ISSU)]

Interfaces and Chassis

Support for local preference when selecting forwarding next-hops for load balancing (MX Series)—Starting

•

in Junos OS Release 19.2R1, you can have traffic flows across aggregated Ethernet or logical-tunnel interfaces prefer local forwarding next-hops over remote ones, for example to ensure that the overall load on the fabric is reduced. [See local-bias for usage details.]

Support to collect and display PRBS statistics (MX10003 and MX204)—Starting in Junos OS Release

•

19.2R1, on MX10003 and MX204 routers, you can check the physical link connectivity by issuing the test interfaces ifd-name prbs-test-start pattern-type type direction (0|1) flip (0|1) that starts collecting the PRBS statistics.

The output of the show interfaces interface-name prbs-stats command displays the PRBS statistics while the test is in progress. These statistics are cleared after the test is complete or if it is stopped. You can stop collecting the statistics by issuing the test interfaces ifd-name prbs-test-stop direction (0|1) command.

NOTE: While running PRBS statistics, the link will be down.

[See prbs-test-start, prbs-test-stop, show interfaces prbs-stats, Collecting Pseudo Random Bit Sequence

(PRBS) Statistics.]

Domain Name System (DNS) is VRF aware (MX Series)—Starting in Junos OS Release 19.2R1, when the

•

management-instance statement is configured at the [edit system] hierarchy level, you can use the non-default management routing instance mgmt_junos as the routing instance through which the DNS name server is reachable. To specify the routing instance mgmt_junos, configure our new configuration statement routing-instance mgmt_junos, at the [edit system name-server server-ip] hierarchy level.

[See Management Interface in a Nondefault Instance, Configuring a DNS Name Server for Resolving a

Hostname into Addresses, name-server, and show host.]

SCBE3-MX interoperates with MPC10E-10C (MX240, MX480, and MX960)—Starting in Junos OS

•

Release 19.2R1, the Enhanced Switch Control Board SCBE3-MX (model number: SCBE3-MX-S) supports fabric management on the MPC10E-10C line card on the MX240, MX480, and MX960 routers. The

SCBE3-MX-S supports a pluggable Routing Engine and provides a control plane and data plane interconnect to each line card slot. The MPC10E-10C supports a bandwidth of up to 1 Tbps (800 Gbps with four planes and 1 Tbps with 5 or 6 planes). With MPC10E 15C line card, in a non-redundant configuration the SCBE3-MX provides fabric bandwidth of up to 1 Tbps per slot with four fabric planes and 1.5 Tbps per slot when all six fabric planes are used. Starting in this release, the MPC10E line cards support the standard midplane, which supports a bandwidth up to 800 Gbps per slot. Support for the enhanced midplane, which provides a bandwidth of 1.5 Tbps with MPC10E-15C and 1 Tbps with MPC10E-10C, is already available.

[See SCBE3-MX Description and MPC10E-15C-MRATE]

Support for QSFP-100GE-DWDM2 transceiver (MX204, MX10003, MX10008, and MX10016)—Starting

•

in Junos OS Release 19.2R1, the MX204, MX10003, MX10008, and MX10016 routers support the QSFP-100GE-DWDM2 transceiver. The 100-Gbps bidirectional transceiver has a dual transmitter/receiver that enables it to transmit and receive data through a single optical fiber. You can perform the following actions when this transceiver is installed:

View the diagnostics data, warnings, and alarms for interfaces. [See show interfaces diagnostics optics.]

•

Clear the bit error rate (BER) counters. [See clear interfaces statistics.]

•

Obtain the transport, performance monitoring, and threshold crossing alert (TCA) information for

•

interfaces. [See show interfaces transport pm.]

Clear the optics information from transport performance monitoring data. [See clear interfaces transport

•

pm.]

Enable or disable TCAs. [See tca.]

•

Enable or disable loopback mode. [See optics-options.]

•

MPC10 distributed LACP support in PPM AFT (MX Series)—Starting in Junos OS Release 19.2R1, the

•

MPC10E-15C-MRATE and MPC10E-10C-MRATE MPCs support distributed LACP in Periodic Packet Manager (ppman) Advanced Forwarding Toolkit (AFT).

Support for Routing Engine hard disk smart check (MX240, MX480, MX204, MX960, MX10008,

•

MX2008, MX2020, MX10016, MX10000, MX2010, MX10002, and MX10003)—Starting in Junos OS Release 19.2R1, you can configure the device to perform certain health checks on the Routing Engine solid-state drive (SSD) and log a health event or raise an alarm in case a predefined health attribute threshold is breached. You can use the set chassis routing-engine disk smart-check command to instruct the system to raise an alarm when an SSD health attribute threshold is breached. You can view the alarm by using the command show chassis alarms.

[See smart-check]

Junos OS XML API and Scripting

Automation script library additions and upgrades (MX Series)—Starting in Junos OS Release 19.2R1,

•

devices running Junos OS that support the Python extensions package include new and upgraded Python modules. Python automation scripts can leverage new on-box Python modules, including the requests, chardet, and urllib3 modules, as well as upgraded versions of the idna, ipaddress, and six modules. The Requests library provides additional methods for supporting initial deployments as well as for performing routine monitoring and configuration changes on devices running Junos OS.

[See Overview of Python Modules Available on Devices Running Junos OS and Using the Requests

Library for Python on Devices Running Junos OS.]

Junos Telemetry Interface

•

Inline active flow monitoring support using JTI (MPC10E-15C-MRATE line cards)—Starting in Junos OS Release 19.2R1, Junos Telemetry Interface (JTI) supports streaming inline active flow monitoring service-related statistics and errors counters for export to outside collectors at configurable intervals using remote procedure call (gRPC) services.

Use the following resource path to export statistics:

/junos/system/linecard/services/inline-jflow/

To provision the sensor to export data through gRPC services, use the telemetrySubcribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.

[See Configuring Flow Aggregation on MX, M, vMX and T Series Routers and NFX250 to Use Version

9 Flow Templates, Guidelines for gRPC Sensors (Junos Telemetry Interface) and Understanding OpenCOnfig and gRPC on Junos Telemetry Interface.]

•

Packet Forwarding Engine support for JTI (MX2010 and MX2020 routers)—Starting in Junos OS Release

19.2R1, Junos telemetry interface (JTI) supports streaming of Packet Forwarding Engine statistics for MX2010 and MX2020 routers using Remote Procedure Calls (gRPC). gRPC is a protocol for configuration and retrieval of state information.

To provision the sensor to export data through gRPC, use the telemetrySubscribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support the JTI.

[See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

Sensor- level statistics support on JTI (MX960, MX2008, MX2010, MX2020, PTX5000, PTX1000, and

•

PTX10000 routers and QFX5100 and QFX5200 switches)—Starting with Junos OS Release 19.2R1, you can issue the Junos operational mode command show network-agent statistics to provide more information on a per-sensor level for statistics being streamed to an outside collector by means of remote procedure calls (gRPC) and Junos telemetry interface (JTI). Only sensors exported with gRPC are supported. The command does not support UDP-based sensors.

[See show network-agent statistics and Understanding OpenConfig and gRPC on Junos Telemetry

Interface.]

•

ONCE mode supported using gNMI services and JTI (MX Series)—Starting in Junos OS Release 19.2R1, you can include the "ONCE" mode with the Subcribe RPC when subscribing to gRPC Network Management Interface (gNMI) services to export statistics for telemetry monitoring and management using Junos telemetry interface (JTI). ONCE mode ensures that the collector is only streamed telemetry information one time.

The Subscribe RPC and subscription parameters are defined in the gnmi.proto file.

Streaming telemetry data through gNMI also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.

[See Understanding OpenConfig and gRPC on Junos Telemetry Interface.]

•

Packet Forwarding Engine statistics export using gNMI and JTI (MX960, MX2008, MX2010 and MX2020 routers)—Starting in Junos OS Release 19.2R1, you can stream Packet Forwarding Engine statistics to

an outside collector using gRPC Management Interface (gNMI) version 0.7.0 and Junos telemetry interface (JTI). Prior to this, these statistics were exported using OpenConfig gRPC and UDP protocol buffer (gpb) format. OpenConfig gRPC and gNMI are both protocols used to modify and retrieve configurations as well as export telemetry streams from a device in order to manage and monitor it

To provision Packet Forwarding Engine sensors to export data through gNMI, use the Subscribe RPC defined in the gnmi.proto to specify request parameters. This RPC already supports Routing Engine statistics to be exported by means of gNMI. Now, Packet Forwarding Engine sensors will also stream KV pairs in gNMI format for a majority of Packet Forwarding Engine sensors.

[See Guidelines for gRPC Sensors (Junos Telemetry Interface) and Understanding OpenCOnfig and gRPC

on Junos Telemetry Interface.]

•

Broadband edge statistics support through JTI (MX Series)—Starting in Junos OS Release 19.2R1, subscriber-based telemetry streaming is enabled when an MX Series router is configured for Broadband Network Gateway (BNG) and Junos Fusion where subscribers are connected through Junos Fusion Satellite devices. You can use remote procedure calls (gRPC) to export broadband edge (BBE) telemetry statistics to external collectors. gRPC is a protocol for configuration and retrieval of state information.

You can stream all BBE resource paths except for the following:

/junos/system/subscriber-management/access-network/ancp

•

/junos/system/subscriber-management/client-protocols/l2tp

•

/junos/system/subscriber-management/infra/network/l2tp/

•

To stream BBE statistics, include a resource path starting with /junos/system/subscriber-management/ in your gRPC subscription.

[See Guidelines for gRPC Sensors (Junos Telemetry Interface) and Understanding OpenCOnfig and gRPC

on Junos Telemetry Interface.]

•

gRPC-based streaming telemetry support for subscriber service accounting statistics for JTI (MX Series 5G Universal Routing Platform)—Starting in Junos OS Release 19.2R1, you can enable service filter

accounts statistics for subscribers using Junos telemetry interface (JTI) and remote procedure calls (gRPC). Service accounting statistics include IP protocol IPv4 family, IPv6 family, or both, as well as transmit and receive packets and bytes for subscriber service sessions.

To enable these statistics from an MX Series router, include the service-statistics statement at the [edit dynamic-profiles my-service-profile telemetry] hierarchy level.

To stream these statistics, include the resource path /junos/system/subscriber-mamagement/dynamic-interfaces/interfaces/services/ in your gRPC subscription to export the statistics to an outside collector.

[See Guidelines for gRPC Sensors (Junos Telemetry Interface) service-statistics, and Enable Service Filter Accounting Statistics for Subscribers.]

•

FPC and optics support for JTI (MX Series)—Starting in Junos OS Release 19.2R1, Junos telemetry interface (JTI) supports streaming of Flexible PIC Concentrator (FPC) and optics statistics for the MX Series router using remote procedure calls (gRPC). gRPC is a protocol for configuration and retrieval of state information. This feature effort includes the addition of a new process (SensorD daemon) to export telemetry data for integration with AFTTelementry and LibTelemetry libraries in the OpenConfig model called AFT platform.

The following base resource paths are supported:

/junos/system/linecard/environment/

•

/junos/system/linecard/optics/

•

/junos/system/linecard/optics/optics-diag[if-name =])

•

/junos/system/linecard/optics/optics-diag/if-name

•

/junos/system/linecard/optics/optics-diag/snmp-if-index

•

/junos/system/linecard/optics/lane[lane_number=]/

•

To provision the sensor to export data through gRPC, use the telemetrySubcribe RPC to specify telemetry parameters. Streaming telemetry data through gRPC also requires the OpenConfig for Junos OS module. Starting in Junos OS Release 18.3R1, OpenConfig and Network Agent packages are bundled into the Junos OS image by default. Both packages support JTI.

[See Guidelines for gRPC Sensors (Junos Telemetry Interface).]

•

Specify Routing Instance for JTI (ACX Series, MX Series, PTX Series, and QFX Series)—Starting in Junos OS Release 19.2R1, you can specify the routing instance to use for remote procedure call (gRPC) services. Include the routing-instance instance-name at the [edit system services extension-service request-response grpc] hierarchy level. The routing instance name specified should match the name of the existing routing instance, such as a name configured under the [routing-instances] hierarchy level or mgmt_junos if system management-instance is configured (the dedicated management routing instance).

Layer 2 VPN

Support for group key acknowledgment messages (MX Series)—Starting with Junos OS Release 19.2R1,

•

Junos OS supports group members sending acknowledgment messages as defined in RFC 8263 in response to group key push messages sent by group controllers and key servers. The group member sends acknowledgment messages when it receives a group key push message with a standard KEK_ACK_REQUESTED value of 9 in the SA KEK payload as defined in RFC 8263 or a KEK_ACK_REQUESTED value of 129 that is used in older key servers. No additional configuration is required.

[See Group VPNv2 Overview.]

Layer 2 Features

Support for basic Layer 2 features on MPC10E-15C-MRATE line card (MX Series)—Starting in Junos

•

OS Release 19.2R1, MPC10E-15C-MRATE line card supports the following basic Layer 2 features:

Layer 2 bridging with trunk and access modes

•

MAC learning and aging

•

Handling BUM (broadcast, unknown unicast and multicast) traffic, including split horizon

•

MAC move

•

Layer 2 forwarding and flooding statics

•

Mesh groups

•

Static MAC addresses

•

MAC learning and forwarding on AE interfaces

•

Bridging on untagged interfaces

•

Basic Q-n-Q tunneling (without VLAN-translation and VLAN map operations)

•

[See Understanding Layer 2 Bridge Domains, Understanding Layer 2 Learning and Forwarding.]

Layer 3 Features

MPC10E-10C and MPC10E-15C support layer 3 routing features (MX240, MX480, and MX960)—Starting

•

in Junos OS Release 19.2R1, MPC10E-10C and MPC10E-15C line cards support the following features in hyper-mode:

Configuring ICMP redirects and generating ICMP redirect messages.

•

Padding VLAN packets to a minimum frame size of 68 bytes, by using the existing command set

•

interfaces interface-name gigether-options pad-to-minimum-frame-size.

Collecting interface family statistics for IPv4 and IPv6, by using the existing command show interfaces

•

statistics detail interface-name.

See Understanding the Hyper Mode Feature on Enhanced MPCs for MX Series Routers and EX9200

Switches

MPLS

Dynamic creation of segment routing LSPs using BGP protocol next hops (MX Series)—Starting in Junos

•

OS Release 19.2R1, you can configure tunnel templates on colored and non-colored segment routing traffic-engineered (SR-TE) paths. These templates enable dynamic creation of segment routing tunnels using protocol next hops with BGP prefixes to resolve destination segment identifiers (SIDs).

With this feature, you can benefit from reduced configuration, especially when the network deployment requires connectivity from each provider edge (PE) device to every other PE device.

[See Static Segment Routing Label Switched Path.]

CSC support for MPLS-over-UDP tunnels (MX Series with MPC and MIC and VMX)—Starting in Junos

•

Release 19.2R1, carrier supporting carrier (CSC) architecture can be deployed with MPLS-over-UDP tunnels carrying MPLS traffic over dynamic IPv4 UDP tunnels that are established between supporting carrier's provider edge (PE) devices. With this enhancement, the scaling advantage that the MPLS-over-UDP tunnels provided is further increased. This feature is not supported on IPv6 UDP tunnels.

[See Example: Configuring Next-Hop-Based MPLS-Over-UDP Dynamic Tunnels.]

Network Management and Monitoring

Support for displaying valid user input in the CLI for command options and configuration statements

•

in custom YANG data models (MX Series)—Starting in Junos OS Release 19.2R1, the CLI displays the set of possible values for a given command option or configuration statement in a custom YANG data

model when you include the action-expand extension statement in the option or statement definition and reference a script that handles the logic. The action-expand statement must include the script child statement, which defines the Python action script that is invoked when a user requests context-sensitive help in the CLI for the value of that option or statement.

[See Displaying Valid Command Option and Configuration Statement Values in the CLI for Custom YANG

Modules.]

Support for Synchronous Ethernet with ESMC on JNP10K-LC2101 (MX10008 and MX10016)—Starting

•

in Junos OS Release 19.2R1, the JNP10K-LC2101 line card supports Synchronous Ethernet (SyncE) with ESMC. Synchronous Ethernet is a physical layer technology that is used to transfer clock signals over Ethernet interfaces. ESMC transmits Synchronization Status Message (SSM) information, which is the quality level of the transmitting synchronous Ethernet equipment clock (EEC), by using ESMC protocol data units (PDUs). This support allows you to configure BITS-0 (external-0) and BITS-1 (external-1) ports as clock sources or outputs on master Routing and Control Board (JNP10K-RE1). You can also configure a GPS (external-2) port as a clock source on master Routing and Control Board. This feature also supports SyncE over aggregated Ethernet (AE).

NOTE: Only the GPS port and BITS ports that are configured on master RCB are active.

[Centralized Clocking Overview and Understanding ESMC Quality Level Mapping]

Support for optimizing the SNMP walk execution time for IPsec statistics (MX Series)—Starting in Junos

•

OS Release 19.2R1, you can optimize the SNMP walk execution time for IPsec statistics. To achieve this optimization, increase the cache lifetime of the IPsec related information (for example statistics and SA information) so that a single SNMP walk request is served for N number of IPsec Security Associations (SAs) with N number of queries made to the service PIC. IPsec statistics are now fetched by the burst mode, thereby reducing the load on the Routing Engine daemon, kmd. For different scale needs, we may have to tweak the hidden SNMP knob parameters, for example, with Dead Peer detection (DPD) having more number of tunnels without traffic and simultaneous SNMP walks.

Port Security

Fallback PSK for Media Access Control Security (MACsec) (MX Series)—Starting in Junos OS Release

•

19.2R1, fallback PSK for MACsec is supported on MX Series routers that support MACsec. The fallback PSK provides functionality to establish a secure session in the event that the primary PSKs on each end of a MACsec-secured link do not match.

[See Configuring Media Access Control Security (MACsec) on MX Series Routers.]

Routing Policy and Firewall Filters

Support for CCC and Layer 3 firewall forwarding on MPC10E-15C-MRATE line cards (MX

•

Series)—Starting with Junos OS Release 19.2R1, circuit cross-connect (CCC) traffic and Layer 3 firewall forwarding features are supported on MPC10E-15C-MRATE line cards.

[See CCC Overview and Protocols and Applications Supported by the MPC10E-15C-MRATE.]

Routing Protocols

MPC10 Inline BFD support (MX Series)—Starting in Junos OS Release 19.2, MPC10 MPCs support inline

•

BFD features, excluding micro BFD and BFD sessions with authentication.

[See Understanding BFD for Static Routes.]

Support for IPv6 fragment reassembly for v4ov6 dynamic tunnels—Starting in Junos OS Release 19.1R1,

•

you can configure an additional attribute, dynamic-tunnel-reassembly-enable for reassembling IPv6 fragments before the termination of v4ov6 tunnels. The fragment reassembly feature is disabled by default. IPv6 fragments are discarded when this feature is not enabled.

IPv6 reassembly for v4ov6 tunnels (MX Series)—Starting in Junos OS 19.2R1, you can enable the MX

•

chassis to perform IPV6 fragment reassembly for forwarding Ipv4 traffic. When the dynamic-tunel-reassembly is configured, the tunnels using the attribute would be setup for reassembling the IPv6 fragments before the termination of v4ov6 tunnels. By default, this attribute is turned off and the tunnels are set up to discard the IPv6 fragments.

To enable IPv6 fragment reassembly for forwarding Ipv4 traffic, use set dynamic-tunnel-reassembly on statement at the [edit routing-options dynamic-tunnels tunnel-attributes <dynamic-tunnel-name>] hierarchy level.

[See dynamic-tunnel-reassembly.]

Map single IPv6 anycast address on multiple anchor Packet Forwarding Engines (MX240, MX480,

•

MX960, MX2020)—Starting in Junos OS Release 19.2R1, you can assign the same IPv6 anycast address to multiple anchor Packet Forwarding Engines to manage high traffic from CPE to internet. By default, this feature is disabled. Prior to Junos OS Release 19.2R1, you can assign an anycast address only to a single Packet Forwarding Engine and the maximum v4ov6 tunnel scale per Packet Forwarding Engine in MX Series is 150k. This restricts a single anycast address to be used for 150k tunnels.

To configure the same source address over multiple tunnel-attributes, use set v4ov6 ipv6-anycast-source-duplication statement at the [edit routing-options dynamic-tunnels] hierarchy level.

If v4ov6 packets are fragmented, the fragmented packets get steered to one of the anchor Packet Forwarding Engines for IPv6 reassembly processing. To steer the traffic to the correct anchor, Packet Forwarding Engine needs information about the range of IPv4 prefixes that goes over a particular tunnel. To get the range of IPv4 prefixes that goes over a particular tunnel, use set get-route-range statement at the [edit policy-options policy-statement <policy-name> term <term-name> from route-filter <route-filter-value> <range>] hierarchy level.

[See v4ov6 and get-route-range.]

Support for export of BGP Local RIB through BGP Monitoring Protocol (BMP) (MX Series)—Starting in

•

Junos OS Release 19.2R1, BMP is enhanced to support monitoring of local RIB (loc-rib) policy. The loc-rib policy is added to RIB types under the bmp route-monitoring statement.

[See: Understanding the BGP Monitoring Protocol.]

Support for BGP routes with N-Multipath primary and 1-Protection backup gateway (MX Series)—Starting

•

in Junos OS 19.2R1, the following enhancements are made to the Junos OS:

Support N+1 formation for BGP labelled unicast protection (LU).

•

Support N+1 formation for BGP PIC (IPv4, IPv6, LU).

•

100

Support for hetero-nexthops (ListNH) in such N+1 formations.

•

Support for KRT to defer fib-update if BGP-multipath is in progress.

•

Removed restriction to use delay-route-advertisement statement for IPv4 labeled-unicast.

•

Four new options import, install-address <address>, no-install, and rib (inet.0 | inet6.0) are added

•

under the egress-te statement.

A new configuration statement allow-protection is introduced to allow protection for multipath legs.

•

To allow protection for multipath legs, use set allow-protection statement at the [edit protocols bgp multipath] hierarchy level.

A new option always-wait-for-krt-drain is introduced under delay-route-advertisement statement to

•

make more-specific BGP-routes re-advertisement to wait for KRT-queue to drain. To configure this, use set always-wait-for-krt-drain at the [edit protocols bgp family inet unicast delay-route-advertisements] hierarchy level.

[See allow-protection (Multipath), delay-route-advertisements and egress-te.]

Junos OS Release 19.2R2 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

Introduction

New Features in 19.2R2

Junos OS Release Notes for ACX Series

What's New

What's New in Release 19.2R2

What's New in Release 19.2R1-S1

Routing Protocols

What's New in Release 19.2R1

Class of Service (CoS)

EVPN

Interfaces and Chassis

Junos Telemetry Interface

Layer 3 Features

Network Management and Monitoring

Software Installation and Upgrade

System Management

What's Changed

What’s Changed in 19.2R2

General Routing

Interfaces and Chassis

Operation, Administration, and Maintenance (OAM)

Routing Protocols

What’s Changed in 19.2R1

Interfaces and Chassis

Network Management and Monitoring

VLAN Infrastructure

Known Limitations

General Routing

Open Issues

General Routing

MPLS

Resolved Issues

Resolved Issues: 19.2R2

Class of Service (CoS)

General Routing

Interfaces and Chassis

Layer 2 Ethernet Services

Platform and Infrastructure

Routing Protocols

Resolved Issues: 19.2R1-S1

General Routing

Resolved Issues: 19.2R1

Class of Service (CoS)

General Routing

Documentation Updates

Installation and Upgrade Guide

Migration, Upgrade, and Downgrade Instructions

Upgrade and Downgrade Support Policy for Junos OS Releases

Junos OS Release Notes for EX Series Switches

What’s New

What’s New in Release 19.2R2

Whats’s New in Release 19.2R1-S1

Routing Protocols

What’s New in Release 19.2R1

Authentication, Authorization, and Accounting (AAA)

Dynamic Host Configuration Protocol

EVPN

JWeb

Layer 2 Features

Multicast

Network Management and Monitoring

Port Security

System Management

What’s Changed

What’s Changed in Release 19.2R2

Interfaces and Chassis

Layer 2 Feature

Multicast

Routing Protocols

What’s Changed in Release 19.2R1-S5

General Routing

MPLS

What’s Changed in Release 19.2R1

Interfaces and Chassis

Network Management and Monitoring